Certicom Announces Elliptic Curve Cryptography Challenge Winner

Solution required team of mathematicians, 2600 computers and 17 months

 
  "...the fact that this is likely the last of the ECC challenges to be solved in the next few years was a big motivator." -Chris Monico, assistant professor at Texas Tech University, Challenge winner  



MISSISSAUGA, Ontario—April 27, 2004—Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that Chris Monico, an assistant professor at Texas Tech University, and his team of mathematicians have successfully solved the Certicom Elliptic Curve Cryptography (ECC)2-109 Challenge. The effort required 2600 computers and took 17 months. For comparison purposes, the gross CPU time used would be roughly equivalent to that of an Athlon XP 3200+ working nonstop for about 1200 years.

Monico also led the team that won the ECCp-109 Certicom challenge in 2002. Although the key length is the same, this challenge was solved over a field of characteristic 2 rather than a prime field.

For those people concerned about data security, this announcement is good news. The key solved in this challenge is well below the strength of commercial standards used by Certicom and many others today, which is ECC 163 or higher. In fact, it would be approximately one hundred million times harder to solve ECC 163.

Why participate in the challenge? “I think public-key cryptography based on ECC is what we should and will be moving toward,” said Monico. “And besides, the fact that this is likely the last of the ECC challenges to be solved in the next few years was a big motivator. The only way to get at the 130-bit level challenges is by a combination of Moore’s law (wait around for computers to get faster) and gathering more computers. Personally, I think it’s unlikely to happen soon.” In addition to the professional incentives, Monico and his team will receive a US $10,000 prize for solving the challenge.

Certicom introduced the ECC Challenge in November 1997. It was developed to increase industry understanding and appreciation for the difficulty of the elliptic curve discrete logarithm problem, and to encourage and stimulate further research in the security analysis of elliptic curve cryptosystems.

There are three challenge levels: Exercises; Level I, comprising 109-bit and 131-bit challenges; and Level II comprising 163-bit, 191-bit and 359-bit challenges. The Exercises and the 109-bit challenges are considered feasible and could be solved in a matter of months, while the 131-bit challenges would require significantly more resources to solve as they are 2000 times more difficult than the 109-bit challenges. All Level II challenges are believed to be computationally infeasible.

“I would like to take this opportunity to congratulate Chris Monico and his team for the great effort. It is our hope that the knowledge and experience gained from the challenge will help show how difficult it is to break an ECC key, even at a relatively small bit length,” said Dr. Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. “ECC is considered a next generation public-key technology that is here today. The NSA demonstrated their trust in the strength of these systems when recently they licensed some of our ECC technology to secure mission critical information.”

Certicom is a pioneer in researching and developing ECC. It is a computationally efficient form of cryptography that offers equivalent security to other competing public-key technologies but with much smaller key sizes. Because of its efficient size, it is especially well suited for mobile devices, mobile middleware, and industrial equipment requiring long battery life. It’s even used in digital postage marks.

In 1997, Certicom developed the industry’s first toolkit to include ECC which has since been adopted by over 300 organizations. Security Builder Crypto, a cross-platform cryptographic toolkit, includes standards-based ECC implementations that are optimized for size and performance on over 30 platforms. Through its Intellectual Property Licensing Program, Certicom provides licenses to organizations that have implemented or are wishing to implement the technologies covered in Certicom’s extensive patent portfolio.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products and technologies are currently licensed to more than 300 customers including Cisco Systems, Motorola, the National Security Agency, Palm, Research In Motion, Sony Ericsson and Texas Instruments. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. MOTOROLA and the Stylized M Logo are registered trademarks in the US Patent & Trademark Office. Java and all other Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. The Bluetooth trademarks are owned by their proprietor and used by Motorola, Inc. under license. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Forward-Looking Statements
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.

This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.


For further information, please contact:

For Certicom
Tim Cox, ZingPR, (650) 369-7784
Brendan Ziolo, Certicom Corp., (613) 254-9267