NSA specifies elliptic-curve crypto for security applications By Loring Wirbel EE Times 03, 2005 (10:11 H EST) COLORADO SPRINGS, Colo. — The National Security Agency has specified elliptic-curve cryptography (ECC) for a wide range of key agreement and digital signature tasks. The decision boosts the fortunes of ECC originator Certicom Corp. (Missisauga, Ontario). The announcement follows NSA's licensing of Certicom algorithms last fall for a program in which NSA will actively work with suppliers of secure modules for government applications. The spy agency's support of ECC protocols represents an interesting turn in NSA's continued analysis of private- and public-key crypto systems. Previously, NSA had opposed wide industry use of public-key crypto. The agency influenced the design of the original private-key Data Encryption Standard, and tried to push companies toward use of the agency-developed Clipper/Capstone crypto-chip program. In the mid-1990s, NSA in effect threw in the towel, maintaining a hands-off approach to the development of the Advanced Encryption Standard while acknowledging that widespread use of public-key cryptosystems would be acceptable. Last October, the agency referred to ECC as one of the few public-key systems that could meet equivalent security standards to the private-key AES. NSA (Fort Meade, Md.) is recommending a series of algorithms called "Suite B" for securing sensitive and unclassified data. Suite B includes Elliptic- Curve Menezes-Qu-Vanstone and Elliptic-Curve Diffie-Hellman for key agreement, along with the Elliptic Curve Digital Signature Algorithm for digital signatures. AES and Secure Hashing Algorithm also are included in Suite B. http://www.eet.com/sys/news/showArticle.jhtml?articleId=60404977 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 61.222.173.26