| STANDARDS FOR EFFICIENT CRYPTOGRAPHY Review of SEC1: Elliptic Curve Cryptography (2008) | |||||||||||||
Abstract | |||||||||||||
| At the request of Certicom Research, I performed a review of the SEC standard for Elliptic Curve Cryptography. The attached review is based on a study of version 0.4 of the proposed standard dated August 1999. The topics examined during the review include: • Design of cryptographic algorithms. Choice of cryptographic parameter sizes. • Security analysis. Relation to known and potential attacks. • Relation to alternative proposals in the crypto research community. • Clarity of presentation. The standard is very well written. It is easy to follow and carefully avoids any ambiguities that might arise during an implementation. Most of the cryptographic algorithms discussed in the standard have been around for several years and have been thoroughly analyzed by the research community. Similarly, recommended parameter sizes are based on practical experience with the Certicom challenges and recommendations of the research community. The available range of parameter sizes is adequate for both the ÒparanoidÓ and Ònot so paranoidÓ engineer. All cryptographic algorithms discussed in the standard include tests designed to defeat known attacks. I was pleasantly surprised to see that no essential tests have been left out. The standard itself is conservative in its design and takes potential future attacks into consideration. An in depth discussion is provided in the body of the report. Page 2 of 8 | |||||||||||||
Publication details | |||||||||||||
| |||||||||||||