Featured Research

from universities, journals, and other organizations

Date:
May 12, 2009
Source:
European Science Foundation
Summary:
Rapidly rising cyber crime and the growing prospect of the Internet being used as a medium for terrorist attacks pose a major challenge for IT security. Cryptography is central to this challenge, since it underpins privacy, confidentiality, and identity, which together provide the fabric for e-commerce and secure communications. Now, a new approach based on the mathematical theory of elliptic curves has emerged as a leading candidate for more efficient cryptography capable of providing the optimum combination of security and processing efficiency.

Rapidly rising cyber crime and the growing prospect of the Internet being used as a medium for terrorist attacks pose a major challenge for IT security. Cryptography is central to this challenge, since it underpins privacy, confidentiality, and identity, which together provide the fabric for e-commerce and secure communications.

Cryptography since the beginning of the Internet has been based extensively on the RSA public key system, used for digital signatures and the exchange of private keys that in turn encrypt message content. The RSA cryptosystem, introduced by Rivest, Shamir, and Adlement in 1977, relies for its security on the difficulty of working out the factors dividing large integers (whole numbers). RSA has performed well until now, but the level of protection it provides has been eroded by constant efforts to develop more efficient methods for breaking it.

However a different approach based on the mathematical theory of elliptic curves has emerged as a leading candidate for more efficient cryptography capable of providing the optimum combination of security and processing efficiency. Elliptic curves are equations with two variables, say x and y, including terms where both x and y are raised to powers of two or more (in the form y2 = x3 + ax + b). The theory of elliptic curves played an important role in the solution of the famous problem, Fermat’s Last Theorem, in the early 1990s, and also ironically has been exploited for attacks on RSA cryptography.

The potential for elliptic curves and other modern techniques of mathematics were discussed at a recent workshop organised by the European Science Foundation (ESF), which set the stage for development of a programme of European-wide research on the field.

“The impact of the elliptic curve method for integer factorisation (developed by my PhD advisor Hendrik Lenstra) has played a role in introducing elliptic curves to cryptographers, albeit for attacking the underlying problem on which RSA is based (the difficulty of factoring integers),” said David Kohel, convenor of the ESF workshop, from the Institut de Mathematiques de Luminy in Marseille, France.

Indeed it so happened that elliptic curves started to be applied to both number factorisation and cryptography at about the same time, in the late 1980s. At first the application to factorisation advanced much more quickly, while the technical difficulty involved held back elliptic curve cryptography. But the very success of elliptic curve factorisation started to undermine the security of RSA, since this relies on the difficulty of factorising the product of two prime numbers. This in turn has stimulated development of elliptic curve cryptography in more recent years, said Kohel. So having first undermined the prevailing RSA method of cryptography, the sophisticated mathematics of elliptic curves has itself come to the rescue.

As Kohel noted, the advantage of elliptic curve cryptography lies in its immunity to the specialised attacks that have eroded the strength of RSA, with the result that smaller keys can be used to provide a given level of protection. “The size of the parameters (essentially the key size) for elliptic curve cryptography (ECC) needed to ensure security (under our current state of understanding) is much lower for ECC than for RSA or ElGamal (another alternative cryptographic method,” said Kohel. Indeed keys 160 bits long provide ECC with the same level of security as 1024 bit keys for RSA.

The consequence is that even though the algorithms (series of steps to calculate a result) required to implement ECC are actually more complex than for RSA, it is computationally more efficient. In effect then ECC will make it easier to stay a step ahead of the hackers without undue load on computers.

“In general, the cryptographer has the benefit over the cryptanalyst (the person attacking the cryptosystem) as he or she can select the key size for any desired level of security (measured in 'cost' either in euros or computer-years), provided everyone has the same base of knowledge of best attacks on the underlying cryptosystem,” Kohel noted.

Crucially, even with RSA, it is still much harder computationally to break the system than to use it, but as Kohel pointed out this margin is greater for ECC.

The ESF workshop was highly successful in bringing together mathematicians and computer specialists whose combined expertise is required to implement complex cryptographic algorithms. As Kohel noted, there has always been a time lag in exploiting mathematical advances in cryptography, because the engineers responsible for implementation take some years to grasp the technical complexities of the algorithms.

Story Source:

The above story is based on materials provided by European Science Foundation. Note: Materials may be edited for content and length.

European Science Foundation. "Mathematical Advances Strengthen IT Security." ScienceDaily. ScienceDaily, 12 May 2009. <www.sciencedaily.com/releases/2009/05/090511122614.htm>.
European Science Foundation. (2009, May 12). Mathematical Advances Strengthen IT Security. ScienceDaily. Retrieved July 23, 2014 from www.sciencedaily.com/releases/2009/05/090511122614.htm
European Science Foundation. "Mathematical Advances Strengthen IT Security." ScienceDaily. www.sciencedaily.com/releases/2009/05/090511122614.htm (accessed July 23, 2014).

More Computers & Math News

Wednesday, July 23, 2014

Featured Research

from universities, journals, and other organizations

Featured Videos

from AP, Reuters, AFP, and other news services

Google Plans To Speed Up Web Pages With New Image Format

Google Plans To Speed Up Web Pages With New Image Format

Newsy (July 21, 2014) — Google is using compressed images in WebP format to help boost page loading times. The files are 25-to-34 percent smaller than PNGs and JPEGs. Video provided by Newsy
Uruguayan Creates Chess Game for Multiple Opponents

Uruguayan Creates Chess Game for Multiple Opponents

AFP (July 19, 2014) — It no longer takes two to play chess – or at least according to a new version of the game invented by Uruguayan Gabriel Baldi, where up to four opponents can play. Duration: 00:31 Video provided by AFP
Clock Ticks Down on Internet Speed Debate

Clock Ticks Down on Internet Speed Debate

Reuters - US Online Video (July 18, 2014) — The FCC received more than 800,000 comments on whether and how internet speeds should be regulated, even crashing its system. Lily Jamali reports. Video provided by Reuters

Newsy (July 18, 2014) — The European Commission asked Google and Apple not to label apps "free" if they include in-app purchases. Google has complied; Apple has resisted. Video provided by Newsy

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):

Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Save/Print:
Share:

Free Subscriptions

Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile

Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?

Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web