PRESENTED BY:
BILL LATTIN,
CHAIR OF THE SECG INDUSTRY CONSORTIUM
AND CTO, CERTICOM

Of the talks given at the conference, Lattin’s presentation on standards was arguably one of the most relevant to the practical deployment of ECC. To paraphrase Lattin, you need to standardize a technology or the world won’t buy into it. Dr. Scott Vanstone recognized this when he first began working with ECC, and today, 20 years later, ECC is represented in every major standards group in the world.

In his talk, Lattin summarized the many standards being updated to include ECC. For instance, ANSI is going through its five-year review of its ECC standards and in doing so is adding the new NIST curves and SHA-2 support and removing curves over composite-degree binary fields (which Weil-descent attacks weakened). NIST SP 800-56 is important because it offers guidance on key agreement and key transport schemes and on which cryptographic parameters to use, something FIPS 140-2 does not do. NIST SP 800-57, which provides recommendations for key management, is targeted at government organizations but is relevant to the commercial sector too, as it clearly establishes the security strengths and expected lifetimes of various cryptosystems.

Of all the standards discussed, Lattin pointed to ANSI X9.82 as one of the most important new standards, as it deals with random number generation. Without unpredictable randomness, security is weak no matter how strong the algorithm: every key and nonce derived from a poor generator is weak. High-quality, cryptographically strong random numbers are essential for keys, for the per-signature nonces in schemes such as ECDSA, for digital signatures generally, and for many other security mechanisms.
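The point about signature nonces is concrete enough to demonstrate. The following Python is an added example, not code from the presentation, from Certicom or from any SECG document: it implements textbook ECDSA over the NIST P-256 curve (domain parameters as published in FIPS 186 and SEC 2, with SHA-256 as the hash), signs two different messages with the same nonce k, and recovers the private key from nothing but the two messages, the two signatures and the public key. The curve arithmetic, the fixed "bad RNG" nonce value and the sample messages are constructed for the demonstration; a real implementation would use a constant-time library and either a CSPRNG or a deterministic nonce derivation for k.

```python
# Added example: textbook ECDSA over NIST P-256 and the nonce-reuse key recovery.
# Not from the presentation; the curve code is for illustration only (not constant-time).
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters, as published in FIPS 186 / SEC 2.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine point addition on P-256; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                    # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (leaks timing; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(msg):
    # SHA-256 output is 256 bits, the same size as N, so no truncation is needed.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(d, msg, k):
    """Textbook ECDSA with an explicit nonce k, so the demo can misuse it."""
    if not 1 <= k < N:
        raise ValueError("nonce out of range")
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick another nonce")
    return (r, s)


def sign_with_fresh_nonce(d, msg):
    """The correct way: a fresh, uniformly random k from a CSPRNG per signature."""
    return sign(d, msg, 1 + secrets.randbelow(N - 1))


def verify(q, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    z = hash_to_int(msg)
    x = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return x is not None and x[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Given two signatures sharing r (hence k), solve for k and then for d."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    if (s1 - s2) % N == 0:
        raise ValueError("identical s values: the messages hash the same")
    # s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)   (mod N)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    # s1 = k^-1 (z1 + r d)      =>  d = (s1 k - z1) / r         (mod N)
    return (s1 * k - z1) * pow(r1, -1, N) % N


def demo_nonce_reuse(d, k, msg1, msg2):
    """Attacker's view: public key, two messages, two signatures. Returns the
    recovered private key, which equals d whenever both signatures used k."""
    q = ec_mul(d, G)
    sig1, sig2 = sign(d, msg1, k), sign(d, msg2, k)
    assert verify(q, msg1, sig1) and verify(q, msg2, sig2)
    return recover_private_key(msg1, sig1, msg2, sig2)


if __name__ == "__main__":
    d = 1 + secrets.randbelow(N - 1)      # victim's private key
    k = 0x1234567890abcdef                 # constructed "bad RNG" nonce, reused twice
    recovered = demo_nonce_reuse(d, k, b"pay alice 10", b"pay mallory 10")
    print("private key recovered:", recovered == d)
```

The recovery needs only modular arithmetic in the group order N; no curve operation is required once the two signatures share an r. The same algebra applies to any ECDSA curve, and a biased rather than fully repeated nonce is attacked with lattice methods instead, which is why the standards Lattin singled out treat the generator, not just the curve, as part of the security boundary.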

Other standards with recent ECC activity include:

  • ANSI X9.92: Pintsov-Vanstone signatures for digital postal marks and electronic passports
  • IETF: use of ECDSA in the IPsec/IKE standard
  • IETF: ECC cipher suites for TLS
  • IETF: additional algorithms and identifiers for use of ECC with PKIX
  • IETF: ECMQV and ECDSA being added to MIKEY, and ECDSA for XML digital signatures
  • IETF: new hash functions for S/MIME, and inclusion of ECDSA, ECDH and ECMQV
  • SECG: the SEC 1 and SEC 2 standards are being updated to include AES, SHA-2 and the NIST curves

Lattin’s presentation underscored the fact that cryptosystems are changing: AES is replacing Triple DES, NIST has published requirements to migrate to larger key sizes, and, with SHA-1 under attack in signature applications, SHA-2 adoption is growing rapidly.

In security circles, one of the most significant standards-related announcements this year is the National Security Agency’s (NSA) Suite B recommendations for using ECC to protect both classified and unclassified communications. Not only does Suite B affect government security, it also raises the bar for commercial industry, setting new best practices for protecting sensitive corporate data.

On October 31, Bill Lattin joined Certicom as its Chief Technology Officer to lead Certicom’s technology strategy. He will continue in his role as chair of The Standards for Efficient Cryptography Group (SECG), an industry consortium founded to develop commercial standards that facilitate the adoption of efficient cryptography and interoperability across a wide range of computing platforms.