Elliptic Curve Cryptography wins more converts

Certicom Corp.'s effort to promote the standardization of its encryption technology has gained momentum with the backing of seven additional companies.

Certicom's Elliptic Curve Cryptography (ECC) can be used for encrypting information and for generating a digital signature, which is encrypted data attached to a transaction to identify the sender.

Among the new members of the industry standards body, known as the Standards for Efficient Cryptography Group (SECG), is Pitney Bowes Inc., a company participating in a public-key-assisted mailing application for the U.S. Postal Service. Other new members include ABN-AMRO Bank, American Express, Deloitte & Touche, Hitachi Ltd., Inter Clear Service Ltd. and Visa International, bringing the group to 30 companies.

ECC, an alternative to the RSA commercial standard for encryption and the government's Digital Signature Algorithm (DSA), is designed to support public-key infrastructure systems. PKI systems combine encryption, digital signatures and other technology to secure digital transactions across the Internet.

ECC provides the same functions as alternative approaches. But because ECC manipulates points on a curve instead of huge prime numbers, as many encryption techniques do, ECC-based signature keys are smaller and faster to calculate, have smaller memory and processing requirements, and offer longer battery life and lower messaging costs, Certicom said.

The National Institute of Standards and Technology plans to add ECC to the federal standard for digital signature, which includes RSA and DSA. "Elliptic Curve tends to be able to use much shorter keys for the same level of security, compared to RSA," said Miles Smid, acting chief of NIST's Computer Security Division.

Pitney Bowes plans to incorporate ECC technology as the program progresses, said Leon Pintsov, a Pitney Bowes fellow. The company is working with USPS as a supplier under the agency's Information-Based Indicia Program, a pilot effort that aims to make automated mailing technology available to a broader spectrum of companies.

The main advantage of ECC is its faster signature computation, compared with conventional RSA signatures, Pintsov said. In the USPS implementation, an RSA signature requires 1,024 bits, whereas an ECC signature requires 320 bits for the same level of security. However, ECC-based digital signatures take longer to verify than RSA signatures, so designers have to weigh the trade-offs for applications, Certicom said.

Because of ECC's size advantage, the technology seems appropriate for constrained environments such as cell phones and smart cards, according to Certicom. Furthermore, an RSA implementation in a cell phone or a smart card also requires a cryptographic co-processor, adding to the cost, whereas an ECC implementation does not, said Bill Lattin, Certicom's director of security infrastructure marketing.

"A lot of [security] technology the federal government uses is not good for small environments" such as smart cards, said Skip Hirsch, Certicom's director of federal operations. ECC was used in a Treasury Department/MasterCard pilot last summer and has been named as an acceptable option under the General Services Administration's Access Certificates for Electronic Services program, which seeks to establish the conditions for secure online citizen-to-government connectivity.

In fact, ECC has been so attractive that multiple ECC implementations by such companies as Hewlett-Packard Co. and Hitachi have emerged, making it essential that interoperability is ensured.

-- Adams is a free-lance writer based in Alexandria, Va. She can be reached at cbadams@erols.com.