Performance Comparison between Signature Cryptography: A Case Study on SNAP Indonesia

Authors

  • Moehammad Ramadhoni Universitas Pradita
  • Handri Santoso Universitas Pradita

DOI:

10.33395/sinkron.v8i4.12819

Keywords:

cryptographic, ECC, HMAC, performance, RSA, SNAP, ZK-SNARK

Abstract

SNAP (Standar Nasional OPEN API Pembayaran) was submitted by several sub-working groups formed jointly by ASPI and the Bank of Indonesia for encouraging digital transformation in the banking industry. In the document Pedoman Tata Kelola (Bank of Indonesia, n.d.), there is the use cryptographic algorithms that are used as validation for third parties to use the Open API. The algorithms used in the document are HMAC and RSA. The third party will send the signature in the API header along with the sent API payload. The signature describes the body payload, the endpoint URL that was called by the third party, and the time when the API call was made, so the signature will change all the time. However, there are other algorithms that can be used as a form of validation, such as ECC and ZK-SNARK. In this journal, the performance of the four cryptographic algorithms is compared. The performance we compare is overall speed when creating the signature and verifying it. The result is that HMAC is the most efficient algorithm, but for financial data, it is better to use ECC which uses asymmetric keys and is faster than RSA contained in the SNAP document, especially when 256 bits security level that ECC could be 10 times faster then RSA.

GS Cited Analysis

Downloads

Download data is not yet available.

References

Aranha, D. F., Housni, Y. E., & Guillevic, A. (2022). A survey of elliptic curves for proof systems. Cryptology ePrint Archive, Paper 2022/586. https://eprint.iacr.org/2022/586

Bafandehkar, M., Yasin, S. M., Mahmod, R., & Hanapi, Z. M. (2013). Comparison of ECC and RSA algorithm in resource constrained devices. https://doi.org/10.1109/icitcs.2013.6717816.

Baghery, K., Kohlweiss, M., Siim, J., & Volkhov, M. (2020). Another Look at Extraction and Randomization of Groth’s zk-SNARK. Cryptology ePrint Archive, Paper 2020/811. https://eprint.iacr.org/2020/811

Bank of Indonesia (n.d) Pedoman Tata Kelola SNAP. Retrieved May 01, 2023, from https://bi.go.id/id/layanan/Standar/SNAP/Documents/SNAP_Pedoman_Tata_Kelola.pdf

Bank of Indonesia (n.d) Standar Data Spesifikasi Teknis SNAP. Retrieved May 01, 2023, from https://apidevportal.bi.go.id/snap/docs/standar-data-spesifikasi-teknis

Bank of Indonesia (n.d) Standar Teknis Keamanan SNAP. Retrieved May 01, 2023, from https://apidevportal.bi.go.id/snap/docs/standar-teknis-keamanan

Barreto, P. S. L. M., & Naehrig, M. (2006). Pairing-friendly elliptic curves of prime order. In B. Preneel & S. Tavares (Eds.), Selected Areas in Cryptography (Vol. 3897, pp. 319–331). Springer Berlin Heidelberg. https://doi.org/10.1007/11693383_22

Bin Uzayr, S. (2022a). Mastering golang: A beginner’s guide (1st ed.). CRC Press. https://doi.org/10.1201/9781003310457

Bin Uzayr, S. (2022b). Golang: The ultimate guide (1st ed.). CRC Press. https://doi.org/10.1201/9781003309055

Buterik, Vitalik. (2021) An approximate introduction to how zk-SNARKs are possible. Retrieved May 06, 2023, from https://vitalik.ca/general/2021/01/26/snarks.html

Dwivedi, A. D., Singh, R., Ghosh, U., Mukkamala, R. R., Tolba, A., & Said, O. (2022). Privacy preserving authentication system based on non-interactive zero knowledge proof suitable for Internet of Things. Journal of Ambient Intelligence and Humanized Computing, 13(10), 4639–4649. https://doi.org/10.1007/s12652-021-03459-4

Dymora, P., & Paszkiewicz, A. (2020). Performance analysis of selected programming languages in the context of supporting decision-making processes for industry 4.0. Applied Sciences (Switzerland), 10(23), 1–17. https://doi.org/10.3390/app10238521

Effendy, F., Taufik, & Adhilaksono, B. (2019). Performance Comparison of Web Backend and Database: A Case Study of Node.JS, Golang and MySQL, Mongo DB. Recent Advances in Computer Science and Communications, 14(6), 1955–1961. https://doi.org/10.2174/2666255813666191219104133

El Housni, Y., & Guillevic, A. (2022). Families of snark-friendly 2-chains of elliptic curves. In O. Dunkelman & S. Dziembowski (Eds.), Advances in Cryptology – EUROCRYPT 2022 (Vol. 13276, pp. 367–396). Springer International Publishing. https://doi.org/10.1007/978-3-031-07085-3_13

Ethereum.Org .(n.d). Zero-knowledge proofs. Retrieved May 06, 2023, from https://ethereum.org

Gaba, G. S., Hedabou, M., Kumar, P., Braeken, A., Liyanage, M., & Alazab, M. (2022). Zero knowledge proofs based authenticated key agreement protocol for sustainable healthcare. Sustainable Cities and Society, 80, 103766. https://doi.org/10.1016/j.scs.2022.103766

Gautam Botrel, Thomas Piellard, Youssef El Housni, Ivo Kubjas and Arya Tabaie. Gnark. 2023. Retrieved from https://github.com/ConsenSys/gnark

Gong, Y., Jin, Y., Li, Y., Liu, Z., & Zhu, Z. (2022). Analysis and comparison of the main zero-knowledge proof scheme. In Proceedings - 2022 International Conference on Big Data, Information and Computer Network, BDICN 2022 (pp. 366–372). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/BDICN55575.2022.00074

Groth, J. (2016). On the size of pairing-based non-interactive arguments. In M. Fischlin & J.-S. Coron (Eds.), Advances in Cryptology – EUROCRYPT 2016 (Vol. 9666, pp. 305–326). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-662-49896-5_11

Harjoseputro, Y., Albertus Ari Kristanto, & Joseph Eric Samodra. (2020). Golang and NSG Implementation in REST API Based Third-Party Sandbox System. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 4(4), 745–750. https://doi.org/10.29207/resti.v4i4.2218

Housni, Y. E., & Guillevic, A. (2021). Families of SNARK-friendly 2-chains of elliptic curves. Cryptology ePrint Archive, Paper 2021/1359. https://doi.org/10.1007/978-3-031-07085-3_13

Hunacek, M. (2023). Introduction to number theory (1st ed.). Chapman and Hall/CRC. https://doi.org/10.1201/9781003318712

Husufa, N., & Prihandi, I. (2022). Optimizing JMeter on performance testing using the bulk data method. Journal of Information Systems and Informatics, 4(2), 205–215. https://doi.org/10.51519/journalisi.v4i2.244

K. Moriarty, B. Kaliski, J. Jonsson, and A. Rusch. PKCS #1: RSA Cryptography Specifications Version 2.2. RFC 8017, 2016. https://datatracker.ietf.org/doc/html/rfc8017.

Kim, J., Lee, J., & Oh, H. (2020). Simulation-extractable zk-SNARK with a single verification. IEEE Access, 8, 156569–156581. https://doi.org/10.1109/ACCESS.2020.3019980

Konkin, A., & Zapechnikov, S. (2023). Zero knowledge proof and ZK-SNARK for private blockchains. Journal of Computer Virology and Hacking Techniques. https://doi.org/10.1007/s11416-023-00466-1

Kristanto, A. A., Harjoseputro, Y., & Samodra, J. E. (2020). Implementasi Golang dan New Simple Queue pada Sistem Sandbox Pihak Ketiga Berbasis REST API. Jurnal Rekayasa Sistem Dan Teknologi Informasi (RESTI), 4(4), 745–750.

LabStack.(n.d). Echo. 2021. Retrieved from https://github.com/labstack/echo.

Lenstra, A. K., & Verheul, E. R. (2001). Selecting Cryptographic Key Sizes. Journal of Cryptology, 14(4), 255–293. doi:10.1007/s00145-001-0009-4

Li, W. H., Zhang, Z. Y., Zhou, Z. B., & Deng, Y. (2022, July 1). An Overview on Succinct Non-interactive Zero-knowledge Proofs. Journal of Cryptologic Research. Chinese Association for Cryptologic Research. https://doi.org/10.13868/j.cnki.jcr.000525

National Institute of Standards and Technology. Federal Information Processing Standards FIPS PUB 186-4: Digital Signature Standard (DSS), 2013. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

National Institute of Standards and Technology. Federal Information Processing Standards FIPS PUB 180-4: Secure Hash Standard, 2015. https://nvlpubs.nist.gov/nistpubs/ FIPS/NIST.FIPS.180-4.pdf.

Setty, S. (2020). Spartan: Efficient and general-purpose zksnarks without trusted setup. In D. Micciancio & T. Ristenpart (Eds.), Advances in Cryptology – CRYPTO 2020 (Vol. 12172, pp. 704–737). Springer International Publishing. https://doi.org/10.1007/978-3-030-56877-1_25

Toyib, R., & Darnita, Y. (2020). Pengamanan Data Teks Dengan Menggunakan Algoritma Zero-Knowledge Proof. JURNAL MEDIA INFOTAMA, 16(1). https://doi.org/10.37676/jmi.v16i1.1114

Tyagi, S., & Kathuria, M. (2022). Role of Zero-Knowledge Proof in Blockchain Security. In 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing, COM-IT-CON 2022 (pp. 738–743). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/COM-IT-CON54601.2022.9850714

Ullah, S., Zheng, J., Din, N., Hussain, M. T., Ullah, F., & Yousaf, M. (2023). Elliptic Curve Cryptography; Applications, challenges, recent advances, and future trends: A comprehensive survey. Computer Science Review, 47, 100530. https://doi.org/10.1016/j.cosrev.2022.100530

Wahby, R. S., Tzialla, I., Shelat, A., Thaler, J., & Walfish, M. (2018). Doubly-efficient zksnarks without trusted setup. 2018 IEEE Symposium on Security and Privacy (SP), 926–943. https://doi.org/10.1109/SP.2018.00060

Downloads


Crossmark Updates

How to Cite

Ramadhoni, M. ., & Santoso, H. . (2023). Performance Comparison between Signature Cryptography: A Case Study on SNAP Indonesia. Sinkron : Jurnal Dan Penelitian Teknik Informatika, 7(4), 2327-2335. https://doi.org/10.33395/sinkron.v8i4.12819

Issue

Vol. 7 No. 4 (2023): Article Research Volume 7 Issue 4, October 2023

Section

Articles

License

Copyright (c) 2023 Moehammad Ramadhoni, Handri Santoso

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC

Most read articles by the same author(s)

1 2 > >>