[118457] in Cypherpunks
IP: more Re: Elliptic Curve 97-bit Challenge Broken
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Tue Sep 28 19:04:25 1999
Mime-Version: 1.0
Message-Id: <v0421012bb416f41658d2@[207.244.110.163]>
Date: Tue, 28 Sep 1999 18:39:25 -0400
To: cryptography@c2.net, cypherpunks@cyberpass.net
From: Robert Hettinga <rah@shipwright.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
Delivered-To: ip-sub-1-outgoing@listbox.com
Delivered-To: ip-sub-1@admin.listbox.com
Date: Tue, 28 Sep 1999 16:56:28 -0400
To: ip-sub-1@admin.listbox.com
From: David Farber <farber@cis.upenn.edu>
Subject: IP: more Re: Elliptic Curve 97-bit Challenge Broken
Sender: owner-ip-sub-1@admin.listbox.com
Reply-To: farber@cis.upenn.edu
>Date: Tue, 28 Sep 1999 13:41:51 -0700
>To: farber@cis.upenn.edu
>From: Rohit Khare <rohit@uci.edu>
>Subject: Re: IP: Elliptic Curve 97-bit Challenge Broken
>Cc: Robert.Harley@inria.fr
>
>Rob Harley and I are part of 4K Associates, an Internet
>standards-strategy consultancy,. Our own original US press release
>added a few more personal opinions...
>
>From: http://www.4K-Associates.com/Press
>
>>"Understanding the bounds of ECC's strength grows more urgent as it
>>is written into more and more Internet standards," noted Rohit
>>Khare, a principal of the 4K Associates standards-strategy
>>consultancy and colleague of Mr. Harley. "For example, our recent
>>analysis of the WAP [Wireless Application Protocol] suite agreed
>>that RSA is too power-hungry for hand-held devices, but cautioned
>>that there are pitfalls in blindly incorporating ECC into existing
>>protocols."
>
>>According to Dr. Robert Zuccherato, senior cryptographer at Entrust
>>Technologies Inc., "Successful efforts like this one, while
>>demonstrating the weakness in practice of short keys, also confirm
>>the security level achieved by the 160-bit or longer keys used in
>>commercial elliptic-curve cryptosystems." He added that "Entrust
>>Technologies was pleased to provide resources to assist in this
>>project."
>
>>Khare observed that a determined adversary such as a government
>>agency or a corporation with substantial computing resources would
>>make short work of a 97-bit ECC key or indeed the 109-bit key in
>>the next Certicom problem.
>
>>"We are now close to the 112-bit limitation that many Western
>>governments impose on exportable ECC software via the Wassenaar
>>Agreement." said Mr. Harley. "Our repeated successes are
>>demonstrating that such short keys offer a wholly inadequate level
>>of security. These export restrictions, while claimed to be in the
>>public interest, in fact facilitate industrial espionage, hinder
>>global competition and limit people's right to privacy."
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
