IP: more Re: Elliptic Curve 97-bit Challenge Broken

[David Farber <farber () cis upenn edu>]

> Date: Tue, 28 Sep 1999 13:41:51 -0700
> To: farber () cis upenn edu
> From: Rohit Khare <rohit () uci edu>
> Subject: Re: IP: Elliptic Curve 97-bit Challenge Broken
> Cc: Robert.Harley () inria fr
>
> Rob Harley and I are part of 4K Associates, an Internet 
> standards-strategy consultancy,. Our own original US press release 
> added a few more personal opinions...
>
> From: http://www.4K-Associates.com/Press
>
> > "Understanding the bounds of ECC's strength grows more urgent as it 
> > is written into more and more Internet standards," noted Rohit 
> > Khare, a principal of the 4K Associates standards-strategy 
> > consultancy and colleague of Mr. Harley. "For example, our recent 
> > analysis of the WAP [Wireless Application Protocol] suite agreed 
> > that RSA is too power-hungry for hand-held devices, but cautioned 
> > that there are pitfalls in blindly incorporating ECC into existing 
> > protocols."
>
> > According to Dr. Robert Zuccherato, senior cryptographer at Entrust 
> > Technologies Inc., "Successful efforts like this one, while 
> > demonstrating the weakness in practice of short keys, also confirm 
> > the security level achieved by the 160-bit or longer keys used in 
> > commercial elliptic-curve cryptosystems." He added that "Entrust 
> > Technologies was pleased to provide resources to assist in this 
> > project."
>
> > Khare observed that a determined adversary such as a government 
> > agency or a corporation with substantial computing resources would 
> > make short work of a 97-bit ECC key or indeed the 109-bit key in 
> > the next Certicom problem.
>
> > "We are now close to the 112-bit limitation that many Western 
> > governments impose on exportable ECC software via the Wassenaar 
> > Agreement." said Mr. Harley. "Our repeated successes are 
> > demonstrating that such short keys offer a wholly inadequate level 
> > of security. These export restrictions, while claimed to be in the 
> > public interest, in fact facilitate industrial espionage, hinder 
> > global competition and limit people's right to privacy."