In an effort to offer secure e-commerce on mobile devices over a range of wireless network technologies, Motorola in Schaumburg, Illinois, has announced an alliance with Certicom in Hayward, California, for a large-scale deployment of Certicom's elliptic-curve cryptography (ECC).
ECC calculates the number of points on a curve and uses that information to generate keys to secure data. ECC is being watched closely by manufacturers of wireless products. The algorithms ECC uses to encode data require less computational power than more conventional Internet coding, and could be better suited for lower-powered processors in wireless devices. Security is expected to be a key to the success of "m-commerce" conducted over mobile devices.
However, the strength of ECC has been questioned. Last month, for example, a large distributed network of worldwide computers cracked 109-bit ECC key in a Certicom-sponsored challenge known as ECC2K.108. According to the French National Institute for Research in Computer Science and Control (INRIA), which announced the results, the 109-bit key was discovered in a four-month brute-force effort by 9,500 computers.
INRIA member Robert Harley said the computation was only about one-tenth of what normally should be required to crack a 109-bit curve, because Certicom chose a curve with properties that helped speed the attack. He said the challenge highlighted the weaknesses of some curves with special properties and that random curves are best for optimal security.
If Certicom had used different curves or a random curve, the challenge wouldn't have succeeded, said Richard Depew, executive vice president of field operations at Certicom. He noted that the National Institute of Standards and Technology has endorsed 163-bit ECC and Wireless Application Protocol standards that will be used with the devices.
But some question the possible ECC weaknesses the challenge revealed. "I would not want a security code that can be broken with today's technology in four months on any of my devices or systems," said David Cafaro, an information technology manager.
Depew argued that over the next decade, as parallel computing systems get stronger and more computing power can be gathered in distributed networks, no encryption system will be infallible. He said such systems should be built to maintain confidentiality for a given time, not forever.
"If we make the assumption that 10 years from now there will be enough computing power to crack a 163-bit elliptic curve or 1,024-bit RSA, then we will go to 2,048-bit RSA or 192-bit ECC," said Depew.