A Modern Approach to Information Security
(Originally published in Messaging Magazine, September/October 1998)
By Bill Anderson, Certicom Corp.
With the enormous increase in technological convenience and freedoms, sensitive personal information and business data are more vulnerable to fraudulent behavior than ever before. Information passed from one electronic device to another can be easy to intercept, alter and duplicate. In fact, transmissions over many communications technologies, such as cellular phone activation, pager-to-pager communications and other wireless messaging applications, are currently unsecured.
With the rapidly increasing business and consumer adoption of these technologies, however, developers have begun seeking strong and efficient security solutions to protect the sensitive information transmitted by the new breed of computing and communications devices.
The means to this end is a science called cryptography, which provides the basic functions necessary to secure an electronic transaction. For the purposes of information security, there are two basic types of cryptographic systems (commonly known as cryptosystems): symmetric key and public key. This article will provide a brief overview of symmetric key cryptography, describe the three types of public key systems considered both secure and practical, and highlight one of them: elliptic curve cryptography (ECC). ECC is a public key technology rapidly emerging as the cryptosystem of choice for next-generation computing devices as well as desktop systems and applications.
Symmetric Key Systems
Symmetric key, the simplest form of cryptography, uses the same key to encrypt and decrypt a message. This type of encryption, while fast, only provides one function of security: privacy. It also creates cumbersome key management problems in large-scale deployment. On their own, symmetric key systems cannot sufficiently meet the needs of modern information security; they must typically be combined with public key systems to provide the full range of security capabilities.
Until recently, information security was generally equated only with privacy. With the rise of electronic commerce, particularly financial transactions, both merchants and consumers have come to demand more complex requirements of their security systems. These functions are:
Authentication: verification of the parties involved in a transaction.
Non-repudiation: proof of action, providing proof that the transaction actually took place and proof of an individual's participation in a transaction.
Integrity: assurance that data is genuine.
These functions are critical to today's electronic commerce applications where lack of confidentiality represents less of a security risk to merchants and consumers than fraudulent activity such as information tampering or forgery.
Public Key Systems
Public key systems create keys in pairs, each key pair including a public half and a private half. By separating the keys in this way, public key systems enable some very useful security operations, such as digital signatures (explained below).
The private key can be used for digitally signing messages, or for decrypting messages intended for the private key holder. The public key can be distributed widely, and can be used by anyone to encrypt messages to, or verify messages from, the private key holder.
Public key systems are made possible by complex mathematical relationships between the keys. Practical public key systems are based on mathematics that make it computationally infeasible to determine the private key from the public key.
In a secure exchange of information, for example, the sender ("Bob") would use the recipient's ("Sally") public key to encrypt the private message. Sally would then use her private key to decrypt the private message.
Public key cryptography provides the mechanism for security functions beyond simple privacy. In fact, the increasingly critical security functions of authentication, data integrity and non-repudiation are best accomplished using digital signatures, which require the use of public key cryptography.
Digital Signatures for Authentication, Data Integrity and Non-repudiation
A digital signature is the specific mechanism within cryptography that provides the benefits of authentication, data integrity and non-repudiation. As the name suggests, digital signatures are the electronic equivalent of handwritten signatures. Traditionally, handwritten signatures have provided security services because each individual has distinct handwriting, making their signature difficult to forge.
Securing electronic information requires the equivalent of a handwritten signature that cannot be duplicated. A public key construct called a digital signature, a message that is unique and exclusive to the original signer, provides the solution to this problem. A digital signature's makeup is a function of both the signer's identity and the data being signed, so that any change to the message data will effect a detectable change to the digital signature.
A Trusted Third Party: Certification Authorities
For an added level of transaction security, a certification authority (CA) can be used. A CA is a third party that is trusted to perform the service of validating information about each user and creating signed certificates to that effect.
A certificate is a packet of information which includes the user's (in this case Bob's) public key, e-mail address, name, address and other useful information, such as the expiration date of the certificate and user privileges. A CA creates, distributes, revokes, and generally manages these certificates.
For example, when Sally wants to obtain Bob's public key, she retrieves his certificate from a public directory, and verifies the CA's signature on the certificate itself. Provided this signature verifies correctly, she has the CA's assurance that Bob's identity, his public key, and all other information in the certificate are correct. Sally can now go ahead and use Bob's public key to encrypt confidential information to send to Bob or to verify Bob's signatures, protected by the assurance of the certificate.
Public Key Cryptosystems: Three Trusted Public Key Systems
Integer Factorization Systems
Mathematicians Whitfield Diffie and Martin Hellman discovered the concept of public key cryptography in 1976, but the first practical public key cryptographic system was not developed until two years later at MIT. This system, named for its inventors Ron Rivest, Adi Shamir, and Len Adleman, is called RSA.
RSA is the best known of a family of systems whose security relies on the difficulty of an integer factorization problem for very large numbers (key sizes). The security of the RSA cryptosystem is determined by the difficulty of determining the prime factors of a large integer. Given today's computing power, the key size for RSA should be at least 150 decimal digits long (150 decimal digits is approximately 500 bits) to provide even short-term security. RSA, and the other members of the integer factorization family, can be used both for encryption and for digital signatures.
Discrete Logarithm Systems
Scientist Taher ElGamal was the first to propose a public key cryptosystem based on a mathematical problem called the discrete logarithm problem modulo prime p. ElGamal proposed two distinct systems: one to provide encryption, and one to perform digital signatures. In 1991, Claus Schnorr discovered a variant of the ElGamal digital signature system which offers added efficiency compared to the original system. In turn, the U.S. government's Digital Signature Algorithm (DSA) is based on ElGamal's work. These systems are the best known of a large number of systems whose security is based on this problem. The prime p used in discrete logarithm systems should also be at least 150 decimal digits (500 bits) in length to provide short-term security.
The Elliptic Curve Cryptosystem
Elliptic curves have been studied in number theory and algebraic geometry for over 100 years. This fundamental mathematical theory was first applied to data security in 1985 when mathematicians Neal Koblitz and Victor Miller independently proposed the elliptic curve cryptosystem (ECC). Based on the discrete logarithm problem over the points on an elliptic curve, ECC can be used to very efficiently provide both digital signatures and encryption.
While most public key technologies require longer keys and more complex algebra than symmetric systems, the introduction of ECC, with its efficiency benefits, has solved many of the problems associated with other public key systems.
One of the advantages of ECC is that the elliptic curve discrete logarithm problem is believed to be harder than both the integer factorization problem and the discrete logarithm problem modulo p. This extra difficulty makes ECC the strongest public key cryptographic system known today. Not only does ECC require a much smaller key size than RSA or DSA to obtain an equivalent level of security, but the security gap between the systems grows as the key size increases. For example, 300-bit ECC is a great deal more secure than 2000-bit RSA or DSA and demands much less security overhead when used.
The table [below] compares the time required to break RSA or DSA with the time required to break ECC for various key sizes using the best current methods of attack. The values are computed in MIPS years, where one MIPS year represents a computing time of one year on a machine capable of performing one million instructions per second. As a benchmark, it is generally accepted that 10^12 MIPS years represents reasonable security at the present time, since this would require most of the computing power on the planet to work for a considerable amount of time.

ECC: Advanced Security for the Telecommunications Age
ECC provides the highest strength per key bit of any known public key technology. The relative strength advantage of ECC means that elliptic curve systems can offer the same level of cryptographic security as other algorithms, using a much smaller key size. ECC's shorter key lengths result in smaller system parameters, smaller public key certificates and, when implemented properly, faster implementations, lower power requirements, and smaller hardware processors.
In the near future, computing devices, particularly wireless, will be used for a wide variety of functions, including the transfer of confidential information, Internet commerce and financial transactions. In each of these applications, it is essential to establish the identities of the parties involved, otherwise the high value of the information transmitted electronically will be vulnerable to unauthorized access and misuse.
In wireless devices, which represent some of the most resource-constrained devices available, ECC has a distinct advantage over other cryptographic algorithms. Wireless computing and communications devices have extremely limited computational power, bandwidth, memory and battery life.
ECC's efficiency benefits reduce the storage space needed for keys and certificates, and speed transaction time. With high volume transactions such as internet banking, this benefit is particularly attractive to merchants and customers as it will enable earlier deployment of new technologies, bringing greater conveniences to consumers.
Many financial applications process large volumes of data or Web server requests on a per transaction basis. Information security through public key cryptography is required for many electronic operations and is considered a necessity for most Internet-based applications. Even with significant server processing power, server applications can become seriously burdened at critical points in the system by public key operations. The use of high-speed ECC can increase efficiency by orders of magnitude in many cases.
While the security of ECC is ensured by the underlying mathematics, its efficiency is only guaranteed with proper implementation. When implemented properly, ECC has many application benefits that will serve to connect wireless and remote access computing devices to desktop computers and network servers with the same security now available only in a desktop environment. What follows is an overview of some of these applications.
Enabling Future Technologies: Smart Cards, Personal ATMs, Two-Way Pagers
Smart cards (also referred to as chip cards) are cryptographic tokens. Similar to a credit card, smart cards differ in that they house a computer chip that can be used to store a wealth of information, from health records to access codes to electronic cash. Because the user's private key or password is housed on the card rather than in software on a desktop, smart cards add an extra layer of security for electronic transactions. They can also be highly cost-effective compared to other hardware tokens. The rigid constraints on processing power, parameter storage and code space of smart cards make many cryptographic algorithms infeasible for smart card security. ECC's efficient, compact security is ideal for this environment, making large-scale smart card deployment a viable business option for banks and credit card associations.
Already deployed heavily in Europe, smart cards are now beginning to gain acceptance in the United States. Most recently, smart cards were integrated into an experimental pilot* in the U.S. whereby participants can securely purchase uncut currency and novelty items from the Web site of the U.S. Treasury's Bureau of Engraving and Printing. Participants will swipe a smart card through a smart card reader attached to a PC, providing the authorized user access to an electronic wallet housed on the PC. Once the purchased goods have been defined and confirmed, the participant's credit card account is automatically debited, and the transaction securely processed using ECC technology. The product can then be shipped to the purchaser's address.
ECC is also enabling other innovative technologies such as personal ATM devices that download electronic cash, two-way pagers for secure, private wireless communications and financial transactions from handheld computers. These applications have been made feasible by the efficient security provided by ECC.
As the standards for ECC near completion, a growing number of companies have already licensed and begun integrating ECC into their products, including 3Com/Palm Computing, Motorola Inc., VeriFone Inc., Pitney Bowes, Sterling Commerce, Infowave and others. The future of secure, low-cost wireless and other digital communications depends heavily on strong, efficient cryptography. The availability of efficient ECC implementations has revolutionized public key cryptography, enabling its use in and accelerating the deployment of advanced computing and communications technologies.
Footnote
* The Secure Electronic Transaction (TM) (SET) pilot, involving MasterCard, Visa, GlobeSet, Certicom and others, began July 8 and will serve to demonstrate the benefits that ECC can bring to SET. The full text announcement of this pilot can be viewed at www.certicom.com.