Mathematical Advances Strengthen IT Security
Rapidly rising cyber crime and the growing prospect of the Internet being used as a medium for terrorist attacks pose a major challenge for IT security. Cryptography is central to this challenge, since it underpins privacy, confidentiality, and identity, which together provide the fabric for e-commerce and secure communications.
Cryptography since the beginning of the Internet has been based extensively on the RSA public key system, used for digital signatures and the exchange of private keys that in turn encrypt message content. The RSA cryptosystem, introduced by Rivest, Shamir and Adlement in 1977, relies for its security on the difficulty of working out the factors dividing large integers (whole numbers). RSA has performed well until now, but the level of protection it provides has been eroded by constant efforts to develop more efficient methods for breaking it.
However, a different approach based on the mathematical theory of elliptic curves has emerged as a leading candidate for more efficient cryptography capable of providing the optimum combination of security and processing efficiency. Elliptic curves* are equations with two variables, say x and y, including terms where both x and y are raised to powers of two or more. The theory of elliptic curves played an important role in the solution of the famous problem, Fermat’s Last Theorem, in the early 1990s, and also ironically has been exploited for attacks on RSA cryptography.
The potential for elliptic curves and other modern techniques of mathematics were discussed at a recent workshop organised by the European Science Foundation (ESF), which set the stage for development of a program of European-wide research on the field.
“The impact of the elliptic curve method for integer factorization (developed by my PhD advisor Hendrik Lenstra) has played a role in introducing elliptic curves to cryptographers, albeit for attacking the underlying problem on which RSA is based (the difficulty of factoring integers),” said David Kohel, convenor of the ESF workshop, from the Institut de Mathematiques de Luminy in Marseille, France.
Indeed, it so happened that elliptic curves started to be applied to both number factorization and cryptography at about the same time, in the late 1980s. At first the application, factorization advanced much more quickly, while the technical difficulty involved held back elliptic curve cryptography. But, the very success of elliptic curve factorization started to undermine the security of RSA, since this relies on the difficulty of factorizing the product of two prime numbers. This, in turn, has stimulated development of elliptic curve cryptography in more recent years, said Kohel. So having first undermined the prevailing RSA method of cryptography, the sophisticated mathematics of elliptic curves has itself come to the rescue.
As Kohel noted, the advantage of elliptic curve cryptography lies in its immunity to the specialized attacks that have eroded the strength of RSA, with the result that smaller keys can be used to provide a given level of protection.
“The size of the parameters (essentially the key size) for elliptic curve cryptography (ECC) needed to ensure security under our current state of understanding is much lower for ECC than for RSA or ElGamal, another alternative cryptographic method,” said Kohel. Indeed, keys 160 bits long provide ECC with the same level of security as 1024 bit keys for RSA.
The consequence is that, even though the algorithms required to implement ECC are actually more complex than for RSA, it is computationally more efficient. In effect then, ECC will make it easier to stay a step ahead of the hackers without undue load on computers.
“In general, the cryptographer has the benefit over the cryptanalyst attacking the cryptosystem, as he or she can select the key size for any desired level of security measured in ‘cost’ either in euros or computer-years, provided everyone has the same base of knowledge of best attacks on the underlying cryptosystem,” Kohel noted.
Crucially, even with RSA, it is still much harder computationally to break the system than to use it but, as Kohel pointed out, this margin is greater for ECC.
The ESF workshop was highly successful in bringing together mathematicians and computer specialists whose combined expertise is required to implement complex cryptographic algorithms. As Kohel noted, there has always been a time lag in exploiting mathematical advances in cryptography, because the engineers responsible for implementation take some years to grasp the technical complexities of the algorithms. One positive benefit of the ESF workshop could be to reduce that time lag.
The ESF workshop “Curves Coding Theory and Cryptography,” was held in Marseille, France in March 2009.
*An elliptic curve is an equation of the form y2 = x3 + ax + b.