
PEPEC: Precomputed ECC Points Embedded in Certificates and Verified by CT Log Servers

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13285)


Abstract

Elliptic curve cryptography (ECC) is valued in public key infrastructures (PKIs) because of its high performance and small key size. However, for client devices with limited computing resources, signature verification and key agreement with an ECC public key are computationally expensive, mainly because of the cost of scalar multiplication. The window non-adjacent form algorithm (w-NAF), which combines the window method with the non-adjacent form representation, can be used to improve the performance of the elliptic curve public key operation. Unlike fixed-point scalar multiplication, which can use a precomputed table generated offline, the unknown-point multiplication of an ECC public key operation requires the precomputed table to be generated online. In this paper, a novel efficient certificate scheme called PEPEC (Precomputed ECC Points Embedded in Certificates) is proposed to integrate w-NAF into Certificate Transparency (CT), a trust enhancement for PKI. With a PEPEC certificate, the client can improve the performance of the public key operation by more than 10% by using the offline-generated precomputed table of the w-NAF algorithm. The correctness of the precomputed table is guaranteed by CT. The PEPEC certificate is compatible with the existing standardized PKI system, and the client can select the optimal window size of the w-NAF algorithm according to its currently available computing resources.
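The abstract describes two pieces that PEPEC separates: the w-NAF scalar multiplication itself, which a resource-constrained client runs with an ECC public key, and the table of odd multiples of that key, which is normally computed online but which PEPEC ships inside the certificate and has CT verify. The following is an added illustration, not code from the paper or its authors: it implements width-w NAF recoding, the odd-multiple table, the scalar multiplication that consumes it, and the consistency check a verifier would run before trusting a shipped table. It assumes the standard NIST P-256 parameters, uses plain affine arithmetic (not constant-time), and the test scalar and the name `table_is_consistent` are constructed here; the paper's actual certificate encoding of the table is not reproduced.

```python
# Added example (not from the paper): w-NAF scalar multiplication Q = k*P
# with a precomputed table of odd multiples of P, plus the table check a
# verifier (in PEPEC, a CT log server) would perform. NIST P-256 parameters;
# affine coordinates for clarity; not constant-time.

P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = -3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

INF = None  # point at infinity


def on_curve(pt, p=P256_P, a=P256_A, b=P256_B):
    """y^2 == x^3 + a*x + b (mod p); INF counts as on the curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0


def ec_add(p1, p2, p=P256_P, a=P256_A):
    """Affine point addition / doubling on y^2 = x^3 + a*x + b over GF(p)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % p == 0:      # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p          # addition
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_neg(pt, p=P256_P):
    return INF if pt is INF else (pt[0], (-pt[1]) % p)


def wnaf(k, w):
    """Width-w NAF of k, least-significant digit first. Every digit is 0 or
    odd with |d| < 2^(w-1), and any w consecutive digits contain at most one
    non-zero digit, which is what makes the odd-multiple table sufficient."""
    digits = []
    while k > 0:
        if k & 1:
            d = k % (1 << w)
            if d >= (1 << (w - 1)):
                d -= 1 << w          # take the signed residue
            k -= d                   # k is now even
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def precompute_table(pt, w):
    """Odd multiples {1: P, 3: 3P, ..., 2^(w-1)-1: (2^(w-1)-1)P}. This is the
    table PEPEC embeds in the certificate so the client skips computing it."""
    table = {1: pt}
    two_p = ec_add(pt, pt)
    for i in range(3, 1 << (w - 1), 2):
        table[i] = ec_add(table[i - 2], two_p)
    return table


def wnaf_mul(k, pt, w, table=None):
    """Left-to-right w-NAF scalar multiplication; `table` may be supplied
    (as from a certificate) or built on the fly."""
    if table is None:
        table = precompute_table(pt, w)
    q = INF
    for d in reversed(wnaf(k, w)):
        q = ec_add(q, q)
        if d > 0:
            q = ec_add(q, table[d])
        elif d < 0:
            q = ec_add(q, ec_neg(table[-d]))
    return q


def double_and_add(k, pt):
    """Reference binary method, used only to cross-check results."""
    q = INF
    for bit in bin(k)[2:]:
        q = ec_add(q, q)
        if bit == "1":
            q = ec_add(q, pt)
    return q


def table_is_consistent(pt, table, w):
    """Hypothetical verifier check (constructed here): every entry of a
    received table must equal the claimed odd multiple of the public key.
    A tampered entry would silently corrupt every client computation."""
    return all(table.get(i) == double_and_add(i, pt)
               for i in range(1, 1 << (w - 1), 2))
```

Running `wnaf_mul(k, P256_G, 4, precompute_table(P256_G, 4))` reproduces `double_and_add(k, P256_G)` while performing far fewer additions, and `table_is_consistent` rejects a table in which any odd multiple has been swapped or altered, which is the property a CT log server must establish before the table is safe to trust.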

This work was supported in part by the Key R&D Plan of Shandong Province under Grant No. 2020CXGC010115; in part by the National Natural Science Foundation of China under Grant 62002011; and in part by the China Postdoctoral Science Foundation under Grant 2021T140042 and Grant 2021M690304.



Corresponding author

Correspondence to Jiankuo Dong .


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Cheng, G., Dong, J., Ji, X., Li, B., Fan, H., Zhang, P. (2022). PEPEC: Precomputed ECC Points Embedded in Certificates and Verified by CT Log Servers. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_24


  • DOI: https://doi.org/10.1007/978-3-031-16815-4_24


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4
