> Hence, elliptic curve systems offer more security per bit increase in key
> size than either RSA or Diffie-Hellman public key systems.

This statement is not equivalent to this statement:

> Elliptic Curve Cryptography provides greater security and more efficient
> performance than the first generation public key techniques (RSA and
> Diffie-Hellman) now in use.

If there is a practical limit to the necessary key size, only the second part of the statement is true (it's more efficient)

(in other words, if a 128-bit symmetric or 3072-bit D-H key is unattackable, increasing the key size past 3072 provides no "extra" security).

I'm not saying that it's not more efficient.

There is another sort of shaky logical conclusion:

> However, unlike the RSA and Diffie-Hellman cryptosystems
> that slowly succumbed to increasingly strong attack algorithms,
> elliptic curve cryptography has remained at its full strength since
> it was first presented in 1985.

Taken together with this:

> In the public domain, more general theoretic attacks on the fundamental
> problems of factoring and discrete logs made steady progress until the
> early 1990's. Since that time, no dramatic improvements in these
> attack algorithms have been published.

10 years of no progress against a widely deployed technology seems to be a pretty good indicator that it's fairly secure. Sure, no progress against elliptic curve encryption is also an indicator that it's fairly secure, but I don't follow academic journals enough to know who's been attacking what, and for how long.

I don't find greater efficiency to be a compelling trade-off when comparing a widely deployed technology that has been relatively unscathed for 10 years vs a less widely deployed technology.

Unless I'm selling e-c cryptographic products.

Probably a font issue, it should be 2^(k-1) or half the keyspace. I'm guessing the exponentiation got dropped from the formatting.

We worked on this around late 2003/early 2004. Some guy from the NSA had a one hour-ish presentation about the technology.

We never licensed the technology, but at the base it works like this:

1. Multiple servers all ping the target IP multiple times (I think they figured optimal was about 8 times).

2. You discard all but the lowest latency (the closest to the wire latency).

3. You drop the constant part of all the latency involved; this amounts to saying you subtract the fastest from all the others.

4. You use the remaining latencies as keys to look up a table of known locations for the closest match.

It requires a database of known locations. In tests, they had 50 miles accuracy in the bay area, I think. And they estimated that 6000 well-chosen locations could give metropolitan area precision over the continental US.

My memory is sketchy (we never ended up doing anything with this, I believe they never finalized the exclusivity contract they were trying to negotiate. Might have something to do with the fact the company was knee deep in online gaming.) so I might be wrong on some details.
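
A sketch of the four steps described in the comment above, added here as an illustration; it is not part of the original comment or of the technology it describes. The reference table, the sample round-trip times and the Euclidean nearest-match metric are all assumptions.

```python
import math

# Constructed reference table: known location -> expected latency offsets (ms)
# per probe server, after the fastest probe has been subtracted (step 3).
KNOWN_LOCATIONS = {
    "site-A": (0.0, 4.0, 11.0),
    "site-B": (6.0, 0.0, 9.0),
    "site-C": (12.0, 7.0, 0.0),
}

def fingerprint(samples_by_probe):
    """Steps 2-3: keep each probe's lowest RTT, then subtract the fastest."""
    minima = []
    for samples in samples_by_probe:
        replies = [s for s in samples if s is not None]  # None = lost ping
        if not replies:
            raise ValueError("a probe received no replies")
        # The minimum is the sample least inflated by queueing delay.
        minima.append(min(replies))
    base = min(minima)  # shared constant part of the latency
    return tuple(m - base for m in minima)

def closest_location(fp, table=KNOWN_LOCATIONS):
    """Step 4: nearest table entry by Euclidean distance (assumed metric)."""
    if any(len(ref) != len(fp) for ref in table.values()):
        raise ValueError("fingerprint and table use different probe sets")
    name = min(table, key=lambda n: math.dist(fp, table[n]))
    return name, math.dist(fp, table[name])

# Constructed sample: 3 probe servers, 8 pings each (step 1), RTT in ms.
SAMPLE = [
    [31.5, 30.0, 45.0, 30.25, None, 30.0, 33.5, 30.5],
    [24.25, 24.0, 24.0, 60.0, 24.5, 25.5, 24.0, 24.25],
    [33.75, 33.5, 41.0, 33.5, 34.0, None, 33.5, 35.0],
]

if __name__ == "__main__":
    fp = fingerprint(SAMPLE)
    print(fp, closest_location(fp))
```

The distance returned alongside the match gives a rough confidence signal: a large value means no table entry resembles the measured fingerprint.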

You may be right.

On preview, what Cypherpunk said.

And what about bilinear pairing based cryptography, which is built on elliptic curves? Half the papers at crypto conferences these days are pairing based. That's because this new technology allows for capabilities far beyond what can be achieved with old techniques.

Further, the kinds of issues you have raised with elliptic curves apply with at least equal force to cryptosystems built on factoring and discrete logs, like RSA and DH.

Pairing is wired, elliptic curves are tired, and RSA is expired. You need to get with the program and stop living in the 1990s.

But that's not what Certicom says ;)

You guys have a point when it comes to EC-based protocols. They just haven't been around that long. On the other hand, the generic study of elliptic curves and the elliptic curve discrete log problem (ECDLP) is not new. I believe it's centuries old.

I'll leave it to the mathematical historians to verify/correct me on this... just thought I'd throw it out there.

I'm doing way better than you. It works every other time for me!

> It does when I try.

It is flaky. Works 5 times out of 10 :)

"But ECC was less researched than the other algorithms!"

I agree with you, not the NSA.

It does when I try.

(In any case, it's easy to search on the patent number.)

You can read it here.

http://www.ibiblio.org/harris/500milemail.html

More movie-plot security? Seems like it...

I am saying that the properties of primes (used in RSA) have been studied for centuries, but elliptic curves have been studied for only a few decades. So it is reasonable to presume that, with more research, ECC will have to increase its key size to maintain the same strength as the older algorithms.

and the advantages for the NSA.....

But ECC was less researched than the other algorithms!