NSA Turns To Commercial Software For Encryption 264
Roland Piquepaille writes "According to eWEEK, the National Security Agency (NSA) has picked a commercial solution for its encryption technology needs, instead on relying on its own proprietary code. "The National Security Agency has purchased a license for Certicom Corp.'s elliptic curve cryptography (ECC) system, and plans to make the technology a standard means of securing classified communications. In the case of the NSA deal, the agency wanted to use a 512-bit key for the ECC system. This is the equivalent of an RSA key of 15,360 bits." This summary includes the NIST guidelines for public key sizes and contains more details and links about the ECC technology. Since the announcement, Canadian Press reports that Certicom's shares more than doubled in Toronto."
Public key vs. symetric (Score:5, Informative)
A lot of times, people will create symetric keys and then use public key systems to distribute them.
Re:OSS ECC? ECC vs AES (Score:4, Informative)
The difference between ECC and algorithms like RSA, for example, is that elliptic algorithms can work with smaller keysizes, and this should have been noticable from the slashdot post that points out the commercial product uses a smaller keysize than the equiviliant strength RSA key.
Re:OSS ECC? ECC vs AES (Score:0, Informative)
Canada (Score:4, Informative)
Canada has many exceptions to US restrictions. This makes sense. It is cheaper to work together, and we do in many military and space applications.
Our interests are basically very similar, and both countries are generally trustworthy of each other.
The only conflict are on specific policy issues.
It also matters which government is in power in each country.
There have been quite a few times where state and provincial officials have banded together to fight both federal governments.
Plus if it works well, why shouldn't they use it?
This isn't software, it's patents. (Score:5, Informative)
You'll note that they've also got sublicensing rights on those patents. There could be a software component to this deal, but as far I can tell it appears that this is mainly about patents.
Re:Privatization (Score:5, Informative)
So what comes out is a solution that was produced much cheaper than a similar inhouse effort, and this will save the tax payers money (which sounds good to this poor college student.) I have to say I'm surprised at the Agency going after a commercial product for classified purposes, but I'm sure they have good reasons.
Re:Size of key (Score:5, Informative)
Re:Size of key (Score:3, Informative)
As a matter of fact, discrete log problem for ordinary numbers has been improving steadily whereas Elliptic curve group discrete log techniques have not seen significant improvement in the past 20 years. This difference accounts for today's reduced key-size requirements for elliptic curves.
Re:What about license abuse? (Score:5, Informative)
Certicom Corp. (TSX: CIC), a leading provider of wireless security solutions, today announced that the National Security Agency (NSA) in Maryland has purchased extensive licensing rights to Certicom's MQV-based Elliptic Curve Cryptography (ECC) intellectual property. ECC is becoming a crucial technology for protecting national security information.
This agreement will give the NSA a nonexclusive, worldwide license with the right to grant sublicenses of MQV-based ECC covered by many of Certicom's US patents and applications and corresponding foreign rights in a limited field of use. The field of use is restricted to implementations of ECC that are over GF(p), where p is a prime greater than 2256. Outside the field of use, Certicom will retain all rights to the technology for other industries that require the same levels of security, including state and local government agencies. Certicom will continue its policy of making its intellectual property available to implementers of ECC under normal commercial terms on a non discriminatory basis.
Re:Size of key (Score:2, Informative)
Hope that is informative.
Re:OSS ECC? ECC vs AES (Score:2, Informative)
Also between AES and ECC. My guess would be ECC is much more secure than AES. If a 512-bit key for ECC is the equiv of a 15360-bit key in RSA that sounds extremely secure. As far as the last time I checked a 4096-bit RSA key was virtually unbreakable in any normal time span by even the fastest supercomputers built.
Finally what the other replies to your question have been, about comparing apples and oranges: AES is a symmetrical key, meaning, the key that encrypts also decrypts.
Public/Private Key encryption deals with two keys, the public key is freely available to anyone becuase when a message is encrypted with the public key it can not be decrypted with the public key. It must be decrypted with the private, or secret key.
Re:OSS ECC? ECC vs AES (Score:5, Informative)
No, DSA != ECC.
DSA and ECC both do encryption by exponentation, relying on the assumtion that the reverse function - the logarithm - is infeasible with the used keylengths. They are both called "Discrete Logarithm Systems".
But the multiplication is done in completly different mathematical contexts: DSA multiplies in the rings Z/p (that are the natural numbers modulo p, p being a prime) where ECC multiplies in suitable "elliptic curve groups over finite fields" . That are finite sets of "numbers" paired with an complicated operation called "multiplication". These "numbers" behave quiet odd.
The main practical difference is the neccessary keylength. Depending on the chosen eliptic curve, ECC keys are 4-8 times smaller than DSA keys. They get much closer to the "no attack is faster than the brute force attack"-paradigm than other public key algorithms like DSA or RSA.
Unfortunatly, huge classes of suitable elliptic curves got patented.
Google for free ECC software. There are at least some libraries published by academic research groups.
Re:FUD (Score:5, Informative)
The NSA is not lisencing software, it is lisencing the right to use Certicom's ECC cryptosystem. Cryptosystems now are usually known even when proprietary to allow mathematicians and cryptographers the ability to test the security of it. (The RSA cryptosystem for instance is thoroughly explained on RSA's web-site, but you would still need a lisence to use the algorithm in a program)
I found a tutorial by Certicom on their ECC cryptosystem here [certicom.com].
PS. I could be wrong, but from the article it seems that "intellectual property" and "This is the first time that the NSA has endorsed any sort of public-key cryptography system." that they are not actually lisencing software but are in fact lisencing the cryptosystem. If I am wrong, I humbly apologize.
Re:FUD (Score:5, Informative)
This agreement will give the NSA a nonexclusive, worldwide license with the right to grant sublicenses of MQV-based ECC covered by many of Certicom's US patents and applications and corresponding foreign rights in a limited field of use. The field of use is restricted to implementations of ECC that are over GF(p), where p is a prime greater than 2256.
Re:OSS ECC? ECC vs AES (Score:4, Informative)
Evidence for Quantum Computer (Score:5, Informative)
So, when we see the NSA not just adding key bits, but adding bits and then doubling them, we see evidence of countermeasures against quantum computers. This doesn't mean they have quantum computers. Remember that they are not just guarding secrets they transmit today against attack now, but against attack ten years from now, when revelation might still be damaging.
Once we all do have quantum computers, I wonder what amusing revelations will come from cracking old ciphertexts. You can bet the NSA will keep busy at it, and so will the Brits, and the French, and the Germans, and the Russians, and the Israelis. (No doubt a few of the biggest corporations go on that list too.)
Re:512 bits? (Score:2, Informative)
No, you don't. You have to find the factors of a prime number of that length. That leaves significantly less than 2^15630 possibilities, especially if you're using a decent factoring algorithm.
Re:Size of key (Score:2, Informative)
for the rsa key in order to find the approximate number of keys possible you use the simple equation 2^k / (ln 2^k) this gives you an 'approximation' for all possible primes you can have in k-bits.
As for the ECC system I cant remeber the exsact computation off the top of my head to calculate key space but it has a much higher key concentration per bit added to key. not as high as a symetric cryptographic system with a 2^k keyspace but pretty high up there.
As for your reduction useing a ratio it wont work out since they both use diffrent keyspaces.
Re:Size of key (Score:4, Informative)
Note that both ECC and RSA are NP-complete
This has not been proven, nor is it even commonly believed to be true.
Sun and ECC (Score:3, Informative)
Just a Wild Guess, But... (Score:4, Informative)
Re:Size of key (Score:2, Informative)