International Journal of Computer Applications (0975 – 8887) Volume 28– No.4, August 2011 1 A New Approach for Secured Transition using Prime Field Elliptic Curve Cryptography System Muhammad Firoz Mridha Department of Computer Science Stamford University Bangladesh Dhaka, Bangladesh ABSTRACT The demands of secured electronic transactions are increasing rapidly. Prime Field Elliptic curve cryptosystems (PFECC) are becoming most popular because of the reduced number of key bits required in comparison to other cryptosystems. PFECC is emerging as an attractive alternative to traditional public-key cryptosystems. PFECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth savings. While these characteristics make PFECC especially appealing for small devices, they can also alleviate the computational burden on secure web servers. Keywords -Prime Field Elliptic curve cryptosystems, public key cryptosystems, RSA, Modular Arithmetic, Key Distribution center. 1. INTRODUCTION Secure transaction is an intrinsic requirement of today‘s world of on-line transactions. Whether exchanging financial, business or personal information, people want to know with whom they are communicating (authentication) and they wish to ensure that the information is neither modified (data integrity) nor disclosed (confidentiality) in transit. The Secure Sockets Layer (SSL) protocol [1] is the most popular choice for achieving these goals. Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980s independently by Koblitz [2] and Miller [3]. Elliptic curves provide a public key cryptosystem based on the difficulty of the elliptic curve discrete logarithm problem (defined later in this section), which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a prime p. This similarity means that most cryptographic procedures carried out using a cryptosystem based on the DLP over the integers modulo can also be carried out in an elliptic curve cryptosystem. Another benefit of ECC is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit elliptic curve cryptosystems (ECC) are believed to provide about the same level of security as 1024 bit RSA [7, p.51]. Also, the rate at which ECC key sizes increase in order to obtain increased security is much slower than the rate at which integer based discrete logarithm (dl) or RSA key sizes must be increased for the same increase in security. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power [4]. This paper is organized as follows: the literature review related to the ECC in Section 2 and 3 while the existing system, proposed model and implementation are structured in detailed in Section 4, Section 5 and Section 6. 2. PUBLIC KEY CRYPTOGRAPHY METHODS The origins of public-key cryptography stem from a paper published in 1968 by Wilkes [5]. It describes a new one-way cipher used by R. M. Needham to verify passwords on a computer without storing any information that could be used for an intruder to impersonate a legitimate user. In Needham's system, when the user first sets his password, or whenever he changes it, it is immediately subjected to the enciphering process, and it is the enciphered form that is stored in the computer. Whenever the password is typed in response to a demand from the supervisor for the user's identity to be established, it is again enciphered and the result compared with the stored version. It would be of no immediate use to a would- be malefactor to obtain a copy of the list of enciphered passwords, since he would have to decipher them before he could use them. For this purpose, he would need access to a computer and even if full details of the enciphering algorithm were available, the deciphering process would take a long time. Purdy [6] gave the first detailed description of such a one-way function in 1974. In his paper, he let the original passwords and their enciphered forms be the integers modulo a large prime p, that is in Zp, and the one-way function be a map from Zp to Zp. The map is given by a polynomial f(x) which is easy to evaluate by computer but not feasible to calculate the inverse. As an example, Purdy used p = 2 64 -59 and Where the coefficients a i were arbitrary 19-digit integers. Public-key cryptography was conceived by Diffie and Hellman [7] in 1976 when they described a protocol whereby two people, Alice and Bob, can derive and securely share private information over an insecure communications channel. This information can then be used as their key in a private-key cryptosystem such as DES. 3. ECC BASICS Elliptic curve cryptosystems (ECC) are based on the group of points on an elliptic curve over a finite field. They rely on the difficulty of finding the value of a scalar, given a point and that scalar multiple of that point. This corresponds to solving the DL problem. However, it is more difficult to solve the elliptic curve DL problem than its original counterpart. Thus, elliptic curve