Code and Cipher, published quarterly by Certicom Corp., is an educational newsletter that covers the security and cryptography industry. In each issue we will examine security issues and cryptography trends in an objective manner. We welcome your thoughts, opinions and comments on anything that affects the industry. Please send your feedback on this issue and what you’d like to see in upcoming ones to: codeandcipher@certicom.com.
ANSI was interested in Elliptic Curve Cryptography as far back as 1995 because of its potential for providing strong and efficient security for applications in the financial services industry. This article provides some background on ANSI, and summarizes the key elements of the ANSI X9.62 and X9.63 standards for elliptic curve signatures and key establishment.
As has been demonstrated in past issues of Code and Cipher, ECC is the best option for public-key cryptography when performance is a concern. One area where good performance is important is Internet communication.
Along with RSA and DSA, ECDSA is one of three FIPS-approved methods for asymmetric key functions within FIPS 140-2. Currently, however, unlike RSA and DSA, which have validation systems, ECDSA implementations can only be listed as vendor affirmed. With the growing interest in ECDSA and other ECC-based algorithms for government and financial use, however, a validation system for ECDSA would ensure consistent and secure implementations.
In this issue, Scott discusses the importance of using strong security standards as he looks back to WiFi and forward to Voice over IP.
ECC is included in numerous standards around the world. This issue of Code and Cipher focuses on three key standards bodies that incorporate ECC: ANSI, IETF and NIST.