Certicom creates standards body

The crypto firm is organizing companies around its version of an elliptic-curve algorithm. Industry biggie RSA was not invited.

Elliptic curve cryptography firm Certicom has created a body of customers to create a standard so that different implementations of ECC--considered more efficient for small or mobile devices--will interoperate.

RSA Data Security, whose widely used algorithms compete with Certicom's, was not invited to join the body, even though RSA said earlier this year it would support elliptic curve in its toolkits. No one at RSA could be reached for comment.

"The only way you're going to use cryptography is if can interoperate with other systems," said Gadiel Seroussi, a Hewlett Packard Labs researcher and one of three HP representatives for the new body.

Like HP, whose VeriFone unit has licensed Certicom technology for home-based ATMs, two other members of Certicom's "Standards for Efficient Cryptography Group" are licensees: 3Com for its Palm Pilot and Motorola for a wireless phone.

Among security firms in the group, most are certificate authorities--Baltimore Technologies, Xcert, GTE CyberTrust, and Thawte. VeriSign, which was spun out of RSA, is not a member.

Systems integrator Ernst & Young, which swings weight with its Fortune 1000 clients, is a member of the group, along with Fujitsu and NTT Electronics.

"The one thing holding up elliptic curve cryptography is standards," said Chuck Williams, chief scientist at security firm Cylink. "It's good news for the industry as a whole to move ECC forward because it is a promising technology."

Paul Kocher, president of crypto consulting firm Cryptography Research, said Certicom is the only firm that could drive a standards effort, since it is the most commercial promoter of elliptic curve crypto.

"By pulling customers into a standards-development process, they feel they're part of the system," Kocher said. If one commercially dominant version of elliptic curve emerges, it is likely to see more widespread adoption, he added.

HP's Seroussi noted that two standards bodies, IEEE and ANSI, are considering standards that include elliptic curve, but he said those efforts aren't specific enough to guarantee interoperability. He expects the new organization to define a more precise, de facto standard.

Certicom spokesman David Krane said RSA is free to join the group if it wants to.

"RSA is busy trying to maximize the value of the RSA patent and therefore has a legitimate business motivation to delay the adoption of any other competitive crypto system," Krane said, noting that RSA's basic patents expire in 2000. "This group is dedicated to the adoption and widespread use of elliptic curve cryptography, which is directly competitive to RSA."