Friday, August 19, 2005

Elliptic curve cryptography

Mr. Athar Mahboob, a very respected name in computer networking in Pakistan was working towards his PhD with interest in Elliptic curve cryptography. I reckon he would've finished by now, but no confirmation. I checked what elliptic curve cryptography is. I quote from Microsoft Research's website:
Ever notice when you're shopping online how as you enter that secure cash register zone where you give the merchant your credit card, your connection to the Internet seems to slow down? That's because the information you're sending back and forth is encrypted using public-key cryptography.

Now a modern computer can perform the several complicated mathematical operations on 128-digit numbers necessary for ordinary public-key cryptography in about 1/100th of a second. That seems fast, but a server computer on a busy merchant's site has to reply to thousands of requests every minute. Those hundredths of a second add up pretty quick when you're waiting for your real-time stock quotes.

The merchant can't compromise the security of the transaction. He either has to buy more servers or let the customers wait. So the challenge for the cryptographers at Microsoft Research is to strike a balance between speed and security. The fewer steps in an algorithm, the faster it works. The question then becomes, does a fast encryption message provide enough security for the data? That's always a judgment call.

No comments: