Elliptic Curve Cryptography
The Next-Generation Internet Security Technology
Featured Guest: Sheueling Chang, Distinguished Engineer, Network Technology & Security Group
Sheueling Chang, Sun's first female distinguished engineer, leads the Next Generation Cryptography project in Sun Laboratories. Sheueling and her team are investigating cryptographic technologies for next-generation Internet security and designing the software, protocols, and hardware to accelerate these technologies.
We asked Sheueling to share her thoughts on how Elliptic Curve Cryptographic technology is shaping the future of Internet security.
Q. What Is Elliptic Curve Cryptography (ECC)?
A: Elliptic Curve Cryptography is a new form of encryption scheme that can be used on the Internet to protect data security. This scheme uses a much smaller key size compared to the predominant technology that's used today, called RSA (the Rivest-Shamir-Adleman algorithm). It is a particularly efficient technique for small handheld devices such as cell phones, PDAs, and smartcards. This technology was endorsed in the year 2000 by the U.S. government and is rapidly becoming part of the fabric of the Internet security infrastructure.
Encryption technology is what we use to protect data transmission on the Internet today. When you make a purchase at Amazon.com or make a payment on eBay, you send credit card numbers and personal information over the Internet. "Encryption" is used to scramble the data into unreadable bits and bytes before sending it across the wire. Anyone who eavesdrops on the Internet can access the bits and bytes, but cannot make sense of the data. Only the intended receiver can easily unscramble the data to retrieve confidential information.
Q. How can Internet users benefit from the Elliptic Curve technology?
A: RSA is the most commonly used public key encryption scheme on the Web today. However, it is far too compute intensive for small, lightweight devices. These devices have become extremely popular, but have a very limited amount of memory and computational power. They are not as well equipped as home PCs for doing RSA computation. People who are using these devices are unwilling to cope with any decreased security, yet they like the convenience of the devices. Security and privacy on these tiny devices can become an even greater concern for consumers as they conduct more and more secure transactions.
ECC is crucial for today's wireless platforms (cell phones, handheld PDAs, smart cards, and more), because ECC can run very efficiently on these tiny devices and yet provide the same high level of security protection.
The beauty of the Elliptic Curve cryptographic technology is that it uses very small keys and is a much more efficient encryption scheme. For example, most Web sites on the Internet today use 1024-bit RSA keys. Using ECC, one would only need 160-bit keys to provide the same level of security protection. In addition, ECC can be computed four times more efficiently.
Faster and more powerful computers are rapidly coming to the market that help enable attackers to crack computer systems. The current 1024-bit RSA key size is adequate for commerce transactions today, but, by the end of the decade, 2048-bit RSA keys will be needed to maintain adequate security. ECC, for equivalent security, will only require 230-bit keys, and is 10 times more efficient to compute.
Q. How will ECC change things for IT?
A: Businesses today are very global. Corporate IT managers are constantly faced with the challenges of providing remote access for a mobile workforce. Smart card tokens are a great mechanism for providing employees with remote access to an internal corporate network. ECC technology can play a very important role in the success of smart card deployment.
In the data center, with ECC's smaller key size requirements and the reduced need for computational power, IT will be able to utilize fewer servers for providing secure connections. IT managers will benefit from having fewer servers to support and better security for remote access, and the overall costs of providing encryption services will drop.
IT professionals can look forward to the next generation Web server in Sun's Java Enterprise System, the Mozilla browser in Java Desktop System, Sun's Java Card technology, and the newer version of Apache/OpenSSL, which will all be enabled with the ECC technology.
Q. Are keys easier to generate with ECC?
A: Yes, generating RSA keys is quite time-consuming. This is because each RSA key relies on having two very large prime integers. A computer must run for a long time to search for huge numbers that cannot be subdivided. ECC keys do not need to be prime, thus making the generation of key pairs a much easier task. This reduction in computation complexity makes ECC cheaper to deploy as a security system on all platforms, particularly on small devices. For instance, if you need to issue smart cards for a healthcare system to millions of customers, generating so many RSA keys on smart token devices is not a trivial task.
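The contrast in the answer above, shown as an added example that is not part of the interview and not Sun's code: an ECC private key is just a random integer in [1, n-1] followed by one scalar multiplication on the curve (secp256k1 parameters are used here because they are public), whereas an RSA key requires a trial-and-error search for two large primes. The toy RSA size (512 bits) and the Miller-Rabin round count are assumptions chosen to keep the demo fast; neither routine is constant-time or production-grade.

```python
import math
import random

RNG = random.SystemRandom()

# secp256k1 domain parameters (standardized public constants): y^2 = x^3 + 7 over F_P.
P = 2**256 - 2**32 - 977
B = 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # P + (-P) = O
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - B) % P == 0

def ecc_keygen():
    """Private key: any integer in [1, N-1]. No primality search at all."""
    d = RNG.randrange(1, N)
    return d, ec_mul(d, (GX, GY))

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; each round is a modular exponentiation of an n-sized base."""
    if n < 4: return n in (2, 3)
    if n % 2 == 0: return False
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else:
            return False
    return True

def rsa_keygen(bits):
    """Searches random odd candidates until two primes are found; returns (n, e, d, tested)."""
    primes, tested, half = [], 0, bits // 2
    while len(primes) < 2:
        cand = RNG.getrandbits(half) | (1 << (half - 1)) | 1   # force top bit and oddness
        tested += 1
        if is_probable_prime(cand): primes.append(cand)
    p, q = primes
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    if math.gcd(e, phi) != 1: return rsa_keygen(bits)         # rare; just retry
    return n, e, pow(e, -1, phi), tested
```

Run `ecc_keygen()` and `rsa_keygen(512)` side by side: the ECC path never rejects a candidate, while the RSA path reports how many candidates it had to test before finding two primes.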
Q. Do you think RSA will go away entirely once ECC is adopted?
A: Old technologies are slow to go away because they are already embedded in so many existing systems. However, RSA will most likely fade away over time as more and more lightweight devices are connected to the Internet. The advantages of ECC, particularly for mobile devices, will enable this technology to become the most prominent security technology on the Internet.
Q. What is Sun doing to encourage the adoption of ECC technology?
A: For a new security technology like this to be successful, it must be integrated with the applications and the security protocols. In addition, the security protocol needs to be standardized to ensure interoperability across the industry.
Sun is the first company to bring this technology into mainstream usage on the Internet in an open source forum. Sun took an extremely drastic approach. First, Sun provisioned this technology in its own product line. Secondly, Sun contributed an implementation of ECC technology and checked it into the two dominant open source security libraries, OpenSSL and Mozilla/NSS. Thirdly, and most importantly, Sun is driving the standardization of ECC technology within the Internet Engineering Task Force (IETF) organization.
OpenSSL is the security layer that powers the most dominant Web server on the Internet today, the Apache WebServer. NSS is the security layer underlying the Mozilla browser. By placing ECC into these security libraries, Sun has enabled the open source community and the Internet application developers to utilize ECC at no cost. The open source license is very liberal; it's actually free for commercial use. So startup companies that are focusing on smaller, handheld devices will now be able to jumpstart their adoption of this new technology at no cost.
I do believe that open source and standardization is the right approach to drive the proliferation of the ECC technology across the industry. When you truly want to ensure the adoption of a technology on the Internet, keeping it proprietary may not be the best way to make it happen. Instead, when you make it freely available through open source, everyone wins.
More information on ECC technology can be found on the Sun Labs Next Generation Crypto project Web site.
If you'd like to share your thoughts on encryption technology, send Sheueling an email at innercircle@sun.com.