As part of my role at VISA, I have closely followed many new and emerging security technologies over the years. In the mid 1990’s, I became aware of efforts in the ANSI X9F1 working group to standardize public-key cryptographic protocols based on elliptic curves. My interest sparked, I set out to learn more about these fascinating objects. I learned that elliptic curves had been studied by pure mathematicians for over one hundred years, and first introduced to cryptographers by Hendrik Lenstra when he proposed using them to factor integers. Shortly thereafter, in 1985, Neal Koblitz and Victor Miller independently showed how elliptic curves could be used to implement public-key protocols traditionally implemented using the multiplicative group of a finite field.

Since 1985, the security and efficient implementation of elliptic curve cryptographic systems have been extensively studied. The elliptic curve discrete logarithm problem, whose intractability is fundamental to the security of elliptic curve systems, has weathered umpteen mathematical attacks. Elliptic curve systems have thereby come to be accepted today as the most viable public-key technology for high-security applications. They are also most suitable for constrained environments such as those in which smart cards and personal wireless devices are typically deployed.

Guide to Elliptic Curve Cryptography is an introduction to this fascinating area of cryptography. Two of its authors, Alfred Menezes and Scott Vanstone, are well known for their pioneering research on elliptic curve systems, and for their encyclopedic Handbook of Applied Cryptography, which they co-authored with Paul van Oorschot. Guide to Elliptic Curve Cryptography covers much ground, including the underlying finite field and elliptic curve mathematics, algorithms for implementing the arithmetic, standardized elliptic curve cryptography protocols (including ECDSA and MQV key agreement), and side-channel attacks. Also included are appendices that list sample parameters, standards, and publicly available software tools.

The writing is clear and concise. The authors' objective was to make the book accessible to security practitioners and engineers, and they have succeeded in this regard. Detailed descriptions of the various algorithms are provided, while at the same time the essential concepts and benefits of each algorithm are highlighted. An especially noteworthy feature of the book that will be appreciated by software developers is the extensive set of notes on implementing the algorithms in different software environments.

Guide to Elliptic Curve Cryptography is an indispensable reference for security practitioners interested in deploying public-key cryptography. It is a timely, well-written addition to the cryptographic literature, and will occupy a prominent space in my bookshelf.

Enter to win your own copy today!

Guide to Elliptic Curve Cryptography

Darrel Hankerson, Alfred Menezes and Scott Vanstone
Springer, December 2003, ISBN: 0-387-95273-X; 332 pages
Web: http://www.cacr.math.uwaterloo.ca/ecc/

Guide to Elliptic Curve Cryptography is a comprehensive treatise on the practical aspects of elliptic curve cryptography. Written by Scott Vanstone together with Auburn University professor Darrel Hankerson and University of Waterloo professor Alfred Menezes, it explains the basic mathematics, describes state-of-the art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures.

The intended audience for the book comprises security professionals, developers, and those interested in learning how elliptic curve cryptography can be deployed to secure applications. Most of the material should be accessible to anyone with an undergraduate degree in computer science, engineering, or mathematics. In addition, the breadth of coverage and the extensive surveys of the literature included at the end of each chapter should make it a useful resource for the researcher.

Chapter contents:

1. Introduction and Overview
2. Finite Field Arithmetic
3. Elliptic Curve Arithmetic
4. Cryptographic Protocols
5. Implementation Issues
A. Sample Parameters
B. ECC Standards
C. Software Tools
Bibliography
Index

Guide to Elliptic Curve Cryptography was published in December 2003 by Springer as part of their “Springer-Verlag Professional Computing Series”. It can be ordered online through Springer’s web site or from retailers such as Amazon.com and Indigo/Chapters.