Re: newbie need help (ECC and wireless)
 From: "Joseph Ashwood" <ashwood@xxxxxxx>
 Date: Tue, 16 Jan 2007 03:55:47 GMT

"Peter Pearson" <ppearson@xxxxxxxxxxxxxxx> wrote in message
news:QDOqh.46$aW6.4@xxxxxxxxxxxxxxx
> On Mon, 15 Jan 2007 07:13:52 GMT, Joseph Ashwood <ashwood@xxxxxxx> wrote:
>> "Ray" <ryan1219@xxxxxxxxx> wrote in message
>> news:1168803246.491440.41640@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> Hi all:
>>> I am not sure if I post in the right place, please inform me if you
>>> know a better place to go.
>>> I am new to cryptography. I reviewed some papers on cryptography and
>>> it seems that ECC is the most suitable public key algorithm to be
>>> implemented on wireless devices. (smaller and faster compared to RSA)
>>> But I am wondering why it is not widely used in commercial
>>> products?
>>
>> For products it all comes down to business decisions. RSA is the most
>> widely recognised name in asymmetric cryptography, and as such is the
>> safest business decision. As for "best" I will grant that ECC is faster
>> and smaller, but for situations that require dependable long term
>> security I admit I often recommend RSA simply because the problem is
>> better understood, making it more dependable long term.
>
> But note that NSA's "Suite B", promulgated "to protect
> national security systems and information", uses ECC, not
> RSA. In fact, public-key cryptographic standards with which
> one might reasonably expect NSA to have been involved (e.g.,
> DSA) have generally blessed discrete-log-based algorithms
> rather than factorization-based algorithms like RSA.

There is a fairly simple reason for that: it has been proven that iDLP is at
least as hard as IFP (through a proof by reduction, there are several
available). Since we believe that RSA reduces to IFP and DH reduces to iDLP,
it follows that DH is at least as secure as RSA, and so DH-based solutions
are better than RSA-based solutions where both exist. It is also worth
noting that the NSA appears to only examine things for what we would
consider relatively short term secrets (5-10 years); anything stronger and,
for their usage model, a few Marines is cheaper. When I say long term
dependability I'm talking about planning for 50 years of use, and over that
term I feel we can more dependably predict the path of IFP than ecDLP, and
over that term it appears that IFP and iDLP will be the same problem, but it
is often easier to solve and/or prove a solution to a problem using RSA than
DH.

For things where it only needs to be secure for 10 years, and is implemented
by programmers that understand what they are doing (RSA is easier to
describe than ECDH), ECC makes sense. For longer terms than 10 years I think
going conservative becomes extremely critical, and RSA/DH-based solutions
have superior security reliability, even if they are slower, bulkier,
clumsier, etcier.

> The NSA Suite B page, at
> http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
> also discusses the patent situation, which I think Joe
> correctly identifies as a source of (probably inappropriate)
> hesitancy.

Regardless, that page makes a good reference on what should be used in many
situations, although I really don't understand why they require 192 or 256
bits AES but don't allow SHA512 (it's not speed; SHA384 is the same
speed and is allowed).
Joe
