Motorola, Certicom ink elliptic crypto deal

In an effort to offer secure e-commerce to mobile devices over a range of wireless network technologies, Motorola Inc. in Schaumburg, Ill., has announced an alliance with Certicom Corp. in Hayward, Calif., for a large-scale deployment of Certicom's elliptic-curve cryptography (ECC).

ECC calculates the number of points on a curve and uses that information to generate keys that secure data. The crypto system is being eyed closely by manufacturers of wireless products, because the algorithms it uses to encode data require less computational power than more conventional cryptography in use on the Internet and could be better suited for the lower-powered processors in these devices. The need for robust and efficient security is expected to be a key issue behind the success of so-called "m-commerce" conducted over mobile devices.

"Certicom's ECC technology is really important for us. It is a critical piece of being able to secure transactions on (personal digital assistants), phones, pagers and any type of mobile devices," said Liz Altman, senior director of business development and strategic alliance at Motorola. "Our functional goal is to give (customers) a secure, confident feeling as they use mobile devices. We want people to be able to stand in line at the supermarket and check their bank balances."

Using Certicom's ECC and security technology, Motorola plans to provide m-commerce offerings for a broad range of customers, including carriers, financial institutions and application service providers, across various platforms. The agreement includes all wireless devices — pagers, mobile handsets, Wireless Application Protocol (WAP)-enabled phones — as well as wireless network infrastructure components such as WAP-based servers. It also gives Motorola access to Certicom's patent portfolio that encompasses ECC.

Motorola says it will use Certicom products to deploy end-to-end secure wireless transactions over WAP and third-generation wireless networks. According to Certicom, ECC is better suited for this task than more conventional public-key cryptographic algorithms because it supports faster processing speed, reduced bandwidth and decreased battery requirements. Richard Depew, executive vice president of field operations for Certicom, said Motorola devices will be secured with 163-bit ECC. He said that is equivalent to competing 1024-bit RSA encryption. "You can get the same level of security from a much smaller code space and key size, and that's what makes it important in the wireless space," said Depew.

He says ECC also signs digital signatures 100 times faster than RSA keys on a palm-size device with a 386 processor. "For this technology to be deployed and accepted, you must have instantaneous transactions, and it is our belief that consumers will not wait for these things to happen," says Depew.

However, the strength of ECC has been questioned. Last month, for example, a large distributed network of worldwide computers cracked 109-bit ECC in a Certicom-sponsored challenge known as ECC2K.108. According to the French National Institute for Research in Computer Science and Control (INRIA), which announced the results, the 109-bit key was discovered in a four-month brute-force effort by 9,500 computers. While the distributed.net network that helped crack the 56-bit Data Encryption Standard was larger, INRIA said the network that cracked ECC2K.108 involved more computations.

INRIA member Robert Harley reported at the time that the computation was only about one-tenth of what normally should be required to crack a 109-bit curve, because Certicom chose a curve with properties that helped speed up the attack. He said the challenge highlighted the relative weaknesses of some curves with special properties and confirmed that random curves are best for optimal security.

Depew said that if Certicom had used different curves or a random curve, the challenge wouldn't have been successful. He noted that the National Institute of Standards has endorsed 163-bit ECC and WAP standards that will be used with the devices.

But detractors are still wondering about the possible ECC weaknesses the challenge revealed. "I would not want a security code that can be broken with today's technology in four months on any of my devices or systems," said IT manager David Cafaro. "One year from now, when this system is standard, it may take only one month to break it. Two years from now, when it is an entrenched standard, it may take only a few days to break."

Depew argued that over the next decade as parallel computing systems get stronger and more computing power can be gathered together in distributed networks, no cryptosystem will be infallible. He said cryptosystems should be built to maintain confidentiality for a given period of time, not forever.

"If we make the assumption that 10 years from now there will be enough computing power to crack a 163-bit elliptic curve or 1024-bit RSA, then we will go to 2048-bit RSA or 192-bit ECC," said Depew. "The question is, does any one government or corporation have enough computing power to get someone's key or secret? You apply a relative key size for how long you want to keep it confidential and how many supercomputers you want to be protected from."

Copyright © 2000 IDG Communications, Inc.
