Re: ECC Encryption

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 07/28/04

  • Next message: Ted Huffmire: "MD5 Hash Algorithm" 
    Date: Wed, 28 Jul 2004 15:15:12 -0600

    Nigel Smart <nigel@cs.bris.ac.uk> writes:
    > Public key algorithms are mainly used to transmit symmetric keys which
    > are then used to encrypt the main data. This is true of RSA and ECC.
    >
    > For ECC key gen is fast, as is decryption.
    > For RSA encryption is fast, but key gen and decryption are slow
    >
    > For ECC the message size to send the symmetric key is MUCH smaller
    > than the equivalent message for RSA
    >
    > However, neither is better/worse. They are just different algorithms
    > to achieve the same kind of thing.
    >
    > Of course if you wanted to trasnmit a very small amount of data
    > you "could" use RSA/ECC without the use of a symmetric cipher. But then
    > it all depends on how small your data is.

    another application is authentication & digital signatures ... like in
    fips186-2, dsa, ecdsa, etc. A huge number of the public-key ops that
    go on in the world involve the verification of CA digital signatures
    on domain name certificates (as part of SSL infrastructure).

    the power requirements for ECC is significantly smaller than RSA. for
    chip-cards and hardware tokens implementation strong authentication
    ... they add possibly a 50-100 percent increase in chip circuits to
    try and get the RSA operations down to a second or two (1100 bit
    multipliers doing operations in parallel ... rather than an interative
    loops doing 16-bit or 32-bit operations) ... while ecdsa can be done
    on unenhanced chips within possibly a tenth of a second.

    it isn't so much of an issue with contact (say iso7816) chips (other
    than the difference between 1/10th of a second to one or two seconds)
    since the (relatively) enormous power drain isn't that much of an
    issue.

    However it does become significant issue with proximity chips (say
    iso14443) ... where power is being drawn from RF radiation in the air.
    Either you have to have the card awful close to an enormous RF
    radiating power source .... or if you plan on using type of power you
    would get swiping the card past a metro/transit turnstyle .... you are
    back up to possibly tens of seconds for RSA ... but ecdsa is still
    within the 1/10th or so of second with simple iso14443 proximity power
    profile.

    the issue in the early 90s with chip cards was none of the chips had
    random number generators that were considered of high enuf integrity
    ... and both dsa and ecdsa require quality random number generation
    as part of the digital signature process (or the private key becomes
    vulnerable).

    The trade-off was that RSA on these earlierchips was terribly slow
    .... or required a significantly more costly and power hungry chip,
    however it would be possible to process the message (to be signed)
    externally, include a large random nonce in the body of the message,
    calculate a secure hash of the message ... and simply pass the secure
    hash to the chip and get back the RSA digital signature (and there was
    no issue about whether or not the chip was capable of quality random
    number). however, both dsa and ecdsa required the circuits doing the
    digital signature also be capable of generating a high quality random
    number as part of the digital signature process.

    chips started showing up in the late 90s that had random number
    capability that could be trusted for doing dsa & ecdsa digital
    signatures .... doing them enormously faster than RSA using
    significantly less expensive chips and much less power hungry.

    random past mention of 14443
    http://www.garlic.com/~lynn/aadsm12.htm#8 [3d-secure] 3D Secure and EMV
    http://www.garlic.com/~lynn/aadsm12.htm#21 Smartcard in CD
    http://www.garlic.com/~lynn/aadsm13.htm#15 A challenge
    http://www.garlic.com/~lynn/aadsm13.htm#18 A challenge
    http://www.garlic.com/~lynn/aadsm15.htm#6 x9.59
    http://www.garlic.com/~lynn/2000f.html#77 Reading wireless (vicinity) smart cards
    http://www.garlic.com/~lynn/2002c.html#26 economic trade off in a pure reader system
    http://www.garlic.com/~lynn/2002c.html#36 economic trade off in a pure reader system
    http://www.garlic.com/~lynn/2002d.html#44 Why?
    http://www.garlic.com/~lynn/2002h.html#76 time again
    http://www.garlic.com/~lynn/2002h.html#77 time again
    http://www.garlic.com/~lynn/2002m.html#39 Convenient and secure eCommerce using POWF
    http://www.garlic.com/~lynn/2002n.html#13 Help! Good protocol for national ID card?
    http://www.garlic.com/~lynn/2003h.html#54 Smartcards and devices
    http://www.garlic.com/~lynn/2003j.html#66 Modular Exponentiations on Battery-run devices
    http://www.garlic.com/~lynn/2003l.html#8 14443 protocol information
    http://www.garlic.com/~lynn/2003l.html#64 Can you use ECC to produce digital signatures? It doesn't see
    http://www.garlic.com/~lynn/2003m.html#5 Cryptoengines with usage accounting
    http://www.garlic.com/~lynn/2003n.html#25 Are there any authentication algorithms with runtime changeable
    http://www.garlic.com/~lynn/2003o.html#63 Dumbest optimization ever?
    http://www.garlic.com/~lynn/2004b.html#28 Methods of Authentication on a Corporate
    http://www.garlic.com/~lynn/2004d.html#8 Digital Signature Standards

    random past mention of fips186
    http://www.garlic.com/~lynn/aadsm11.htm#7 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#17 Alternative to Microsoft Passport: Sunshine vs Hai
    http://www.garlic.com/~lynn/aadsm11.htm#38 ALARMED ... Only Mostly Dead ... RIP PKI ... part II
    http://www.garlic.com/~lynn/aadsm11.htm#39 ALARMED ... Only Mostly Dead ... RIP PKI .. addenda
    http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal specification for FIPS186-2/x9.62 ecdsa?
    http://www.garlic.com/~lynn/aadsm12.htm#14 Challenge to TCPA/Palladium detractors
    http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
    http://www.garlic.com/~lynn/aadsm13.htm#30 How effective is open source crypto? (aads addenda)
    http://www.garlic.com/~lynn/aadsm14.htm#31 Maybe It's Snake Oil All the Way Down
    http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads
    http://www.garlic.com/~lynn/aepay10.htm#34 some certification & authentication landscape summary from recent threads
    http://www.garlic.com/~lynn/aepay10.htm#36 Identity server infrastructure ... example
    http://www.garlic.com/~lynn/aepay10.htm#46 x9.73 Cryptographic Message Syntax
    http://www.garlic.com/~lynn/aepay10.htm#65 eBay Customers Targetted by Credit Card Scam
    http://www.garlic.com/~lynn/aepay10.htm#66 eBay Customers Targetted by Credit Card Scam
    http://www.garlic.com/~lynn/2000b.html#93 Question regarding authentication implementation
    http://www.garlic.com/~lynn/2001g.html#14 Public key newbie question
    http://www.garlic.com/~lynn/2002e.html#65 Digital Signatures (unique for same data?)
    http://www.garlic.com/~lynn/2002g.html#38 Why is DSA so complicated?
    http://www.garlic.com/~lynn/2002g.html#41 Why is DSA so complicated?
    http://www.garlic.com/~lynn/2002g.html#42 Why is DSA so complicated?
    http://www.garlic.com/~lynn/2002h.html#83 Signing with smart card
    http://www.garlic.com/~lynn/2002i.html#10 Signing email using a smartcard
    http://www.garlic.com/~lynn/2002i.html#78 Does Diffie-Hellman schema belong to Public Key schema family?
    http://www.garlic.com/~lynn/2002j.html#21 basic smart card PKI development questions
    http://www.garlic.com/~lynn/2002j.html#73 How to map a user account to a digital cert?
    http://www.garlic.com/~lynn/2002j.html#82 formal fips186-2/x9.62 definition for eal 5/6 evaluation
    http://www.garlic.com/~lynn/2002j.html#84 formal fips186-2/x9.62 definition for eal 5/6 evaluation
    http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition for eal 5/6 evaluation
    http://www.garlic.com/~lynn/2002k.html#11 Serious vulnerablity in several common SSL implementations?
    http://www.garlic.com/~lynn/2002k.html#35 ... certification
    http://www.garlic.com/~lynn/2002l.html#38 Backdoor in AES ?
    http://www.garlic.com/~lynn/2002m.html#44 Beware, Intel to embed digital certificates in Banias
    http://www.garlic.com/~lynn/2002m.html#72 Whatever happened to C2 "Orange Book" Windows security?
    http://www.garlic.com/~lynn/2002n.html#13 Help! Good protocol for national ID card?
    http://www.garlic.com/~lynn/2002n.html#14 So how does it work... (public/private key)
    http://www.garlic.com/~lynn/2002n.html#16 Help! Good protocol for national ID card?
    http://www.garlic.com/~lynn/2002n.html#20 Help! Good protocol for national ID card?
    http://www.garlic.com/~lynn/2003c.html#26 Crypto Standards Organizations
    http://www.garlic.com/~lynn/2003d.html#18 Efficent Digital Signature Schemes
    http://www.garlic.com/~lynn/2003g.html#70 Simple resource protection with public keys
    http://www.garlic.com/~lynn/2003h.html#29 application of unique signature
    http://www.garlic.com/~lynn/2003j.html#30 How is a smartcard created?
    http://www.garlic.com/~lynn/2003k.html#38 Code Sizing for Digital Signature Verification - DSS/DSA
    http://www.garlic.com/~lynn/2003l.html#5 Multiple ECDSA signatures with the same random nonce
    http://www.garlic.com/~lynn/2003l.html#61 Can you use ECC to produce digital signatures? It doesn't see
    http://www.garlic.com/~lynn/2003n.html#23 Are there any authentication algorithms with runtime changeable key length?
    http://www.garlic.com/~lynn/2003n.html#25 Are there any authentication algorithms with runtime changeable
    http://www.garlic.com/~lynn/2003n.html#32 NSA chooses ECC
    http://www.garlic.com/~lynn/2004.html#37 When rsa vs dsa
    http://www.garlic.com/~lynn/2004b.html#22 Hardware issues [Re: Floating point required exponent range?]
    http://www.garlic.com/~lynn/2004f.html#10 racf
    http://www.garlic.com/~lynn/2004h.html#12 ECC book reference, please
    http://www.garlic.com/~lynn/2004h.html#21 Basics of key authentication 

    -- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
  • Next message: Ted Huffmire: "MD5 Hash Algorithm"

    Relevant Pages

    • Re: The Chinese MD5 attack
      ... > It would be better if the authentication was outside of the computer. ... with digital signature authentication. ...
      (sci.crypt)
    • Re: Benefits of PKI - 5,000 nodes organization
      ... authentication systems and data integrity. ... validating digital signatures with public keys provide for checks ... the digital signature with the originator's public key and compares the ... duplicate and parallel administrative infrastructure. ...
      (microsoft.public.security)
    • Re: Need a HOW TO create a client certificate for partner access
      ... > information I got from MS and Technet about client certificate. ... it is probably the most pervasive authentication ... infrastructure for performing digital signature verification w/o ... public key and compares the two hashes. ...
      (microsoft.public.windows.server.security)
    • Re: Digital signature with Javascript
      ... reduce to some form of 3-factor authentication ... ... * private key for performing digital signature is kept in an encrypted ... when relying party verifies a digital signature ... ... secret key to decrypt the encrypted file containing the private key. ...
      (sci.crypt)
    • How to use CAPICOM to read Hong Kong Identity No hash value from Hong Kong Smart ID Card
      ... products can read data from Hong Kong Smart ID Card. ... 'hash' value is calculated using the HKPost e-Cert private key to create a digital ... then a hash of the 'digital signature' is got using SHA-1 algorithm. ...
      (microsoft.public.dotnet.security)