NIST initiative will shine spotlight on Elliptic Curve

A recent initiative at the National Institute of Standards and Technology to broaden the government's Digital Signature Standard (DSS) has increased the visibility of a little-known encryption technology: Elliptic Curve.

NIST last month said it plans to develop a proposed revision to DSS that would allow agencies to use Elliptic Curve (EC) and RSA public-key information security technology as well as the government's Digital Signature Algorithm (DSA) [FCW May 26]. EC encryption a rival to the dominant RSA commercial standard is only beginning to gain recognition although the technology was invented in the 1980s.

But EC cryptography promises significant advantages over RSA and DSA motivating federal agencies to plan pilots around EC and to demand its inclusion as an alternative within the government's DSS.

"Using Elliptic Curve to implement DSA " for example allows "you to sign digital signatures at least a hundred times faster than with RSA " said Phil Deck president of Certicom Corp. the Toronto-based leader in EC technology development. Certicom supports EC implementations of DSA for digital signature and of the Diffie-Hellman system for key exchange Deck said. The company said it is the only firm shipping EC-based products.

EC moreover can be implemented on the less expensive types of smart cards without co-processors according to Sherry Shannon Certicom's vice president for EC technology marketing. RSA cannot be implemented this way she said.

Federal Pilots

Three planned U.S. government EC pilots might begin this calendar year Shannon said. "Government departments want [EC] hardware for their private keys. Agencies are very interested in low-cost implementations especially when dealing with the public not just with other government agencies " she said.

Agencies could start the pilots with the prototype SigGen card developed by Certicom Motorola Inc. and Schlumberger Ltd. Shannon said. Over time they could migrate to a faster co-processor card. Certicom and Motorola are jointly designing such a card.

One of the pending federal EC pilots ties in with the Internet credit card transaction security specification known as Secure Electronic Transaction (SET) Shannon said.

One agency interested in testing EC is the Treasury Department's Financial Management Service which plans a trial in November or December said Gary Grippo FMS' program manger for electronic money.

The project will involve using e-mail to send financial information to companies he said. Although FMS will use the Data Encryption Standard (DES) for encryption it plans to test EC for key exchange and "probably for signing."

FMS is also "interested in seeing Elliptic Curve" in connection with the SET secure credit card transaction standard Grippo said. FMS operates the government's Plastic Card Collection Network.Because of the "performance reasons and efficiency [EC] would have good applications for processing financial transactions " he said. "We intend to test it but in the long run we take our lead from NIST."

NIST Actions

NIST's move "means [that] if there's a strong desire to incorporate those other techniques [into DSS] then we'll probably do it " said Miles Smid manager of the agency's Security Technology Group. Although RSA is more widely implemented EC computes "more rapidly than RSA or DSA " he said. The agency has issued a request for comments in the Federal Register about adding RSA and EC techniques.

A second NIST RFC asks for comments on Diffie-Hellman RSA and EC techniques in connection with the proposed development of a "new federal standard on public-key-based cryptographic key agreement and exchange " said Ed Roback a computer security specialist with NIST's Computer Security Division.

Other Standards Bodies

EC and RSA technologies are also being adopted as standards by the American National Standards Institute and the Institute of Electrical and Electronics Engineers.

According to Blake Greenlee who chairs an ANSI working group on financial industry security technology a 160-bit EC key is as strong as a 1 000-bit RSA key. And EC is "hands down the easiest algorithm to implement in a smart card."

RSA Data Security meanwhile markets products based on the longer-established RSA encryption technology. In a statement contained on RSA Data Security's World Wide Web site the company emphasized the length of time its own technology - developed in the 1970s - has been subjected to scrutiny underscoring its reliability compared with "any other public-key cryptosystem."

--Adams is a free-lance writer based in Arlington Va.