NSA Pushes Elliptic-Curve Cryptography to Secure Small Devices and Lend Support to Interoperable Communication Networks

Although the cryptographic security standards used in public-key infrastructures, RSA and Diffie-Hellman, have not been cracked, they were introduced in the 1970s and there is growing concern that the standards may soon be outdated. Consequently, the National Security Agency wants to switch cybersecurity to elliptic-curve cryptography (ECC) by 2010, the same year the National Institute of Standards and Technology plans to recommend all government agencies switch to ECC, according to Dickie George, technology director of the NSA’s information assurance directorate. Using current standards requires continually extending the key lengths, which increases processing time and makes it difficult to secure small devices. ECC is a mathematical algorithm that is used to secure data in transit, and because it provides greater security using a smaller key size, it takes less computational time and can be used on smaller devices, like cell phones, wireless devices, and smart cards.

Stephen Kent, chief scientist at BBN Technologies, says that to make RSA and Diffie-Hellman keys, which currently can extend up to 1,024 bits, secure for the next 10 to 20 years, the keys would have to at least double in length, and eventually expand up to 4,096 bits. Switching to ECC, however, will require a massive replacement of hardware and software, and with more than a million different pieces of equipment that need to be changed to ECC, it could take the NSA more than 10 years to complete the process.

George says the move to ECC is more than just replacing an encryption system, and is actually upgrading the entire communications structure, which the NSA will use to work more closely with other governments, U.S. agencies and departments, first responders, and the private sector. Interoperability is key to the new communication program and the reason behind the Cryptographic Modernization initiative, which was started in 2001 and promotes ECC.
Experts agree that there is no new technology comparable to ECC. “ECC is the only impressive thing out there,” Kent said. “People don’t get excited every time a new thing comes along. We wait several years and let people try to crack it first. ECC definitely passed the test in this regard.”

Read full article here: SPECIAL REPORT | NSA pushes elliptic-curve cryptography to secure small devices and lend support to interoperable communication networks. Government Computer News – 08/06/07.

  1. Michael Anders

    In the light of recent disclosures by Edward Snowden, this seems to indicate the NSA expected to be able to manage eavesdropping better by introducing the new algorithms.
    So probably the NIST Domains do contain them. Or did they just expect to get more chances to plant new backdoors during the change process?
    The second option would indicate they did change their policy for the worse around 2007.

    Michael Anders
