RSA Data Security: Cautious welcome for elliptic curve crypto
What are companies like Sun saying?
ECC, which uses complex mathematical functions to scramble data, not only offers more crypto strength in a smaller key length than RSA, but is regarded as being faster and requiring less processing power -- making it ideal for smartcards and mobile phones. The added bonus is that ECC technology is available free of charge.
Certicom Corp. has a patent on a specific implementation of the ECC technology, but developers are free to use ECC algorithms in the public domain to create their own implementations. They only pay a licensing fee if they want to use a particular company's technology.
RSA announced at its RSA Data Security Conference here this week that it will release by mid-year its BSafe 4.0 toolkit, which will include ECC algorithms. RSA also is letting 50 select developers, including Microsoft Corp., Intel Corp., and Netscape Communications Corp., field test the toolkit.
The announcements came after the company removed from its Web site a statement urging developers to be cautious with ECC use because of its infant status in the market. The actions are not related to the fact that RSA's patent on its popular encryption technology expires in 2000, officials said.
"We've had more experience with ECC ourselves since the last conference" a year ago, said Gary Kinghorn, director of product marketing for RSA. "Now is the time, clearly, to get it more exposure and use, at least in prototype applications," he said, adding that RSA customers have been asking for ECC.
Kinghorn predicted that it will be "a long time" before ECC sees widespread use, and he said he expects ECC-based applications to begin rolling out in 1999.
Victor Wheatman, an analyst at market researcher GartnerGroup Inc., said he sees ECC being put to use in smartcards, as well as in TV set-top devices. "It fits in the processor-challenged space," he said.
Other firms at the RSA Data Security Conference had mixed enthusiasm for ECC.
IBM will probably participate in RSA's BSafe ECC field test because IBM is already a licensee of RSA, said Nev Zunic, program manager of IBM's cryptography center of competence. IBM has internal implementations of ECC and has found it to be relatively strong, he said. But he added that "it will take a while before the public is comfortable with this new technology."
Zunic predicted that RSA and ECC will co-exist because they are suitable for different environments. ECC is being targeted at constrained environments such as handheld devices with limited memory and processing power. RSA has been used in those cases, but is predominantly used in personal computers and larger machines.
Sun Microsystems Inc. is "agnostic on this issue," said Chris Tolles, Internet commerce and security marketing manager for Sun. "It's currently still a theory thing as far as we're concerned," he said. "We haven't seen a lot of customer demand."
JavaSoft Inc. has tested ECC "so we know it can be used," but whether the firm will license it or not depends on patent restrictions, said Li Gong, senior engineering manager for Java Security Architecture, who was also attending the conference.
Meanwhile, customers of C2Net Software Inc. won't likely see ECC in the firm's encryption products any time soon. "We're really happy with RSA and we see no reason to switch to ECC technology," said Doug Barnes, vice president of development at C2Net. "It's a much less proven technology."
Regardless of the hesitation in some areas, more than 20 firms have licensed Certicom's ECC implementation in its Security Builder toolkit and another 50 are evaluating it, according to Certicom President and CEO Philip Deck. Motorola Corp. is licensing Certicom's ECC technology for use in pagers, and just this week 3Com Corp. announced its plans to use the technology in its PalmPilot devices.
Certicom is definitely ahead of the pack. "We are the only company in the world with a shipping product," Deck boasted.
While he said Certicom's ECC technology won't be competing directly with RSA's, Deck said it will compete technically with RSA. "RSA has warned people that they don't think ECC is faster than RSA is," but RSA hasn't backed up that claim, he said. Certicom's patented technology governs how to increase the speed of ECC, Deck added.
ECC proponent Cylink Corp. talks about the technology with guarded optimism.
"Right now there are some questions about ECC," said Chuck Williams, chief scientist at Cylink, which offers ECC as an option in its key recovery encryption products. The industry can't be confident of a new encryption technology until researchers have had time to try to crack it, according to Williams.
"Everybody should be skeptical of a new crypto system," he said.