Today, strong cryptographic operations that are a component of cryptosystems are crucial to information security.
Hong Zhong’s
By changing the hash value, the middleman or intruding party can quickly alter or replace the message without the recipient noticing. Zhong's scheme
G: Basepoint of elliptic curve
d: Private key of Alice
m: message
e: hash value of message m
When Alice sends the message m to Bob, she generates a digital signature (r, s) by the following steps:
Step 1: Select a random k in the range [1, n − 1]
Step 2: Compute the curve point k * G = (x1, y1)
Step 3: Compute r = x1 mod n. If r = 0, go back to Step 1
Step 4: Compute e = SHA-1(m)
Step 5: Compute s = (e + k + r d) mod n. If s = 0, return to Step 1
Step 6: Send the message m and the computed digital signature (r, s)
Bob validates the digital signature by the following steps:
Step 1: Confirm that r and s are integers in [1, n − 1]. If not, the signature is invalid
Step 2: Calculate e = SHA-1(m)
Step 3: Calculate w = (s − e) mod n
Step 4: Compute the curve point X = w * G – r * Q = (x1, y1)
Step 5: If X = 0, the digital signature is invalid; otherwise compute v = x1 mod n.
Step 6: Bob accepts the digital signature if and only if v = r
By simply adding the hash value, the middleman or intruder can easily change or replace the message in a way the receiver cannot detect. Let m1 be the middleman's message, which modifies or replaces the original message m, and let e1 and e be their respective hash values. The following is a full discussion of the cryptanalysis of Zhong's scheme, which demonstrates how Zhong's scheme is open to man-in-the-middle attacks.
The following is an account of the attack:
1. Compute hash value e of the message m
2. Compute signature for message m, s = e + k + r d
3. New/modified message m1
4. Compute hash value e1 of the message m1
5. Compute signature for new message m1, s1 = s − e + e1
6. (s1, x1) is the signature for the message m1.
7. Substituting the value of s from step 2 into step 5, we get
s1 = e + k + r d – e + e1
where s1 is the middleman's signature element.
Hence, an attacker can change the message's hash value and add new data without knowing the sender's or the receiver's private or public keys. Security is at risk because the receiver cannot recognize this alteration. Examining the security of Hong Zhong's scheme thus reveals the man-in-the-middle attack as one of its most significant weaknesses. The scheme aims to increase efficiency by reducing modular inverse operations; however, it falls short on security because messages can be modified, and it fails to meet the security requirements of a digital signature scheme.
Using generating point G and random integer number r the public key K is computed as follows:
1. Choose a random integer number r in the interval [0, n − 1].
2. Compute K = r * G
3. The keypair combination is (r, K) where r is the Private Key and K is the public key.
The signer takes the following steps to sign message m using the domain parameters and private key:
1. Select a random integer p (secret key) with 1 ≤ p ≤ n − 1
2. Compute z = H(m)
3. Compute f = ((z + p) ⊕ (p + r)), where ⊕ is the XOR operation
4. Compute d = x-coordinate(f * G)
5. Compute s = (z * r) + f mod n. If s = 0, return to step 1
6. The signature for the message m is (d, s)
At the Receiver side, the message m ought to be validated with the following steps:
1. Firstly, confirm that s is an integer in the range [1, n −1]
2. Compute the hash value z of the message/document m
3. W = (x1, y1) = s * G – z * K
4. v = x-coordinate(W); finally, authenticate the signature by checking whether the equivalence v = d holds.
If the signature for the message m is (d, s) and was generated by the authorized sender, then s = (z * r) + f mod n is true. The following proof can be used to determine whether the algorithm is correct:
As a result, v = d. The technique suggested by Hong Zhong et al. fails to prevent the man-in-the-middle attack.
Sender: Bob Signature Generation
Receiver: Alice Signature Verification
Intruder: Darth MITM Attack
Darth tries to modify s1 from s but fails to achieve s1. Thus, Signature s1 fails on verification at Receiver Alice’s end
At the Receiver side the message m ought to be validated with the following steps:
1. Firstly, confirm that s is an integer in the range [1, n − 1]
2. Compute the hash value z of the message/document m
3. W = (x1, y1) = s * G – z * K
W = {[(z * r) + f mod n] − z + z1} * G − z * K
= z * r * G + f * G − z * G + z1 * G − z * K
= z * K + f * G − z * G + z1 * G − z * K
= f * G − z * G + z1 * G
Since z ≠ z1,
x-coordinate(W) ≠ x-coordinate(f * G)
v ≠ d
And signature verification fails
4. v = x-coordinate(W); finally, authenticate the signature by checking whether the equivalence v = d holds.
When the signature for the message m is (d, s) and was actually created by the authorized sender, s = (z * r) + f mod n holds. The aforementioned demonstration thus establishes that the ECDSA approach is effective in fending off the man-in-the-middle attack.
To avoid replay attacks, both the sender and the recipient should create a completely random session key, which is a type of code that is only valid for one transaction and cannot be reused. Another safeguard against this kind of attack is the use of timestamps in all messages. This limits the window of opportunity for an attacker to eavesdrop, siphon off the message, and resend it, by prohibiting the resending of communications after a particular period of time.
Sender: Bob Signature Generation
Where Na is the Timestamp/Nonce added for the Signature Generation Session at the Sender Side. It is a random number for that session only
Receiver: Alice Signature Verification
Intruder: Darth Replay Attack
W = [((z * r) + f) + Na’] * G – z * K
Substitute
Na’ is the timestamp created for this session, and Na’ ≠ Na
v = x-coordinate(W)
x-coordinate(W) ≠ x-coordinate(f * G)
Hence, v ≠ d
As Na’ ≠ Na, it does not match the time created at the signature verification session
The following proof can be used to determine whether the algorithm is correct:
Replay Attack at the Signature Verification Side:
1. d = x-coordinate(f * G)
2. s = [(z * r) + f mod n] + Na
Where Na is the Timestamp/Nonce added for the Signature Generation Session at the Sender Side. It is a random number for that session only
W = (x1, y1) = s * G – z * K
Substitute
= [((z * r) + f) + Na’] * G – z * K
= [z * r + f + Na’] * G – z * K
= (z * r) * G + (f * G) + Na’ * G – z * K
= z * K + f * G + Na’ * G – z * K
= f * G + Na’ * G
= (f + Na’) * G
v = x-coordinate(W)
x-coordinate(W) ≠ x-coordinate(f * G)
Hence, v ≠ d
As Na’ ≠ Na, it does not match the time created at the signature verification session
Digital signature forgery is the ability to create a message and a signature that are both valid but have never been created by the legitimate Signer. The Proposed Certificateless, Provably Secure ECDSA
Sender: Bob Signature Generation
(d, s) is the signature for the message m
Intruder: Darth Forgery Attack
s’= fake signature
Even though Darth avoids solving p', forging is impossible due to random r'.
The correctness of the algorithm can be tested using the following proof for Forgery Attack:
d: Private key of Sender
m: message
z: hash value of message m
r: random integer number in the interval [0, n − 1].
p: random integer (secret key of Sender) with 1 ≤ p ≤ n − 1.
s: signature generated by Sender
⊕: XOR operation
f = ((z + p) ⊕ (p + r))
s1: fake signature
Signature for the message m is (d, s)
Suppose that an attacker, despite being unable to obtain the signer's private key, can get the signature (d, s) for the message m.
The attacker then wants to forge the signature.
Even though the attacker avoids solving for p1, forgery is out of the question because of the randomness of r1.
The Weierstrass ECC curves are used for the experiment. The notation for the ECC curve is summarized below:
E: The elliptic curve under consideration, which is defined over the field GF(p) where p is a large prime and consisting of the point at infinity and the points (x, y) satisfying the equation
E: y^{2} = x^{3} + ax + b (mod p) where a and b are constants and 4a^{3} + 27b^{2} ≠ 0 (mod p).
p: A large prime which specifies the field over which the elliptic curve is defined, GF(p).
a and b: Constant curve parameters
x and y: The x and y coordinates of an affine point on the curve.
G: A point on the curve with order n, referred to as the basepoint and forming part of the domain parameters.
P, Q and R: Points on the curve.
#E(GF(p)) or η: The number of points on the curve, also known as the order of the curve.
n: The large prime order of the group of elliptic curve points
c: A value such that η = #E(GF(p)) = c · n.
d: The private key of a user of the curve such that d ∈ [1, n − 1].
W: The public key of a user of the curve. W is found using the equation W = [d]G.
r ∈_R S: r is randomly chosen from the set S.
The NIST standards for ECC at the official website https://csrc.nist.gov are used for experiment analysis. The performance metrics of the Proposed Certificateless, Provably Secure ECDSA
The results in
Due to the wide range of applications in critical sectors, security is essential to the success of every internet application. Researchers have been using a variety of techniques for decades to create reliable digital signature systems that can withstand security flaws. By reducing the amount of elliptic curve mathematical operations, they are also attempting to lower the associated processing expenses. The systematic examination of several versions is evaluated for computing effort and security in terms of thwarting attacks.
The Proposed Certificateless, Provably Secure ECDSA
Hong Zhong et al.: Replay Attack
Proposed Certificateless, Provably Secure ECDSA: Replay, MITM, Forgery
To determine the most significant man-in-the-middle weakness, the security of Hong Zhong's scheme is examined and cryptanalysis is carried out. Hong Zhong's scheme attempts to achieve efficiency by reducing modular inverse operations, but it fails to achieve security because an attacker can easily change the message and replace the current message's hash value with a different hash value, so the scheme does not meet the security requirements for a digital signature. The suggested enhanced ECDSA scheme fixes this flaw in Zhong's scheme. The proposed Certificateless, Provably Secure ECDSA
For key-pair generation, Zhong's method requires 0.564% more time than the proposed elliptic curve digital signature scheme. The number of keys produced by the proposed ECDSA technique is 1.1% fewer than those produced by Zhong's method; however, this is not relevant to our work because we are more concerned with the time factor in real-time applications. Our method is more relevant in real time since Zhong's method takes 13.28% less time to sign data than the suggested ECDSA method. The suggested technique stands out in broader application areas where calculation time is a concern, since it requires 8.2% less time than Zhong's method for signature verification at the receiver end.