Thursday, May 14, 2009

Mathematical Advances Strengthen IT Security

ACM TechNews is running an article about a new cryptography approach based on the mathematical theory of elliptic curves, a leading candidate to replace the widely used RSA public key security system.

Elliptic curves are equasions with two variables, e.g., x and y, including terms where both x and y are raised to powers of two or more. The possibilities for elliptic curves and other modern mathematical techniques were discussed at a recent workshop organized by the European Science Foundation (ESF).
“The impact of the elliptic curve method for integer factorisation (developed by my PhD advisor Hendrik Lenstra) has played a role in introducing elliptic curves to cryptographers, albeit for attacking the underlying problem on which RSA is based (the difficulty of factoring integers),” said David Kohel, convenor of the ESF workshop, from the Institut de Mathematiques de Luminy in Marseille, France.

Kohel describes the advantage of elliptic curve cryptography as its immunity to the specialized attacks that have degraded the strength of RSA (smaller keys can be used to provide the same levels of protection).
"In general, the cryptographer has the benefit over the cryptanalyst (the person attacking the cryptosystem) as he or she can select the key size for any desired level of security, provided everyone has the same base of knowledge of best attacks on the underlying cryptosystem," he says.

See details in European Science Foundation.