DevCentral

Real Cryptography Has Curves: Making The Case For ECC



Consider yourself a fascinating person if you've ever heard the term "Elliptic Curve Cryptography" (ECC). Consider yourself a cryptographic crackerjack if you actually know what it does and how it all works. If you are a mere mortal like the rest of us, you might not understand every single aspect of ECC. Nonetheless, many web applications are (or soon will be) using ECC to secure online transactions, so I wanted to spend some time discussing the details behind this relevant and important topic.

A Walk Down Memory Lane

Before diving into Elliptic Curve Cryptography (ECC), let's take a quick stroll down the cryptography memory lane that brought us to the point of even caring about ECC. Prior to the 1970s, cryptography was based primarily on securing communications using a shared secret key. This secret key was used to both encrypt and decrypt communications. This type of encryption is called “symmetric” because the same key is used to encrypt and decrypt. Symmetric encryption is still used widely today because of its speed and efficiency. In fact, you are using it right now to read this article!

As computers grew in popularity and our reliance on secure communications became more and more necessary for everyday life, experts began to see a significant issue with symmetric encryption. This issue dealt with key distribution and exchange. Back in the day, people would have to find creative ways to share the secret encryption/decryption key so that no one else got their hands on it. Imagine the headache of trying to figure out how to share a secret key with someone on the other side of the world. And, what if the key was compromised? How do you re-share a new key? You can see how this could turn into a frustrating situation. Fortunately, in 1977, a new era of viable cryptography was introduced. Rather than dealing with the hassle of distributing symmetric keys, a few really smart dudes introduced what we now know as Public Key Cryptography.
In Public Key Cryptography, two keys are used…a private key and a public key. Anyone in the world can get a copy of the public key, but only the user has a copy of his/her private key. The genius of it all is that the private key can decrypt a message that has been encrypted with the public key…in fact, the private key is the ONLY key that can decrypt a message that has been encrypted with the associated public key. Today, we use Public Key Cryptography to share symmetric encryption keys. That way, we can still realize the efficiency and speed of symmetric encryption without the headache of sharing the symmetric keys.

Is That A Trapdoor?

Public Key Cryptography is awesome because it allows you to literally share half of your encryption key with anyone and everyone. But, the question is…how in the world does that even work? How can you give away half of your encryption information and still have a viable and secure form of communication? The fundamental approach to solving this problem comes in the form of what’s called a “trapdoor” function. A trapdoor function is one that’s really easy to solve in one direction, but really difficult to solve in the other direction. For example, if I could create a mathematical function that makes it super easy to get to point “B” given a value for point “A” but makes it almost impossible to figure out where point “A” is if I only know the value of point “B”, then I have a good trapdoor function…easy one direction but hard the other. A good trapdoor function is absolutely critical in the implementation of Public Key Cryptography. But that begs another question…do we have any good trapdoor functions lying around?

Rivest, Shamir, and Adleman…
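The trapdoor idea described above, as an added example that is not part of the original article: a toy version of the textbook RSA construction showing the easy direction, the inverse with the private key, and the inverse without it. The function names and the tiny primes are constructed for this illustration; real keys use primes hundreds of digits long and padding.

```python
# Toy trapdoor function (textbook RSA, no padding). Illustration only:
# the primes are constructed sample values, far too small for real use.
from math import gcd


def make_keypair(p, q, e=65537):
    """Build (public, private) from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # the trapdoor: computing d requires knowing p and q
    return (n, e), (n, d)


def forward(public, m):
    """Easy direction (point A to point B): needs only the public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)


def invert_with_trapdoor(private, c):
    """Point B back to point A, easy for the private-key holder."""
    n, d = private
    return pow(c, d, n)


def invert_without_trapdoor(public, c):
    """Hard direction: factor n by trial division to rebuild d.
    Returns (message, number of trial divisions performed)."""
    n, e = public
    f, divisions = 3, 1
    while n % f:
        f += 2
        divisions += 1
    d = pow(e, -1, (f - 1) * (n // f - 1))
    return pow(c, d, n), divisions


if __name__ == "__main__":
    public, private = make_keypair(10007, 10009)  # constructed toy primes
    c = forward(public, 42)
    print("ciphertext:", c)
    print("with trapdoor:", invert_with_trapdoor(private, c))
    print("without trapdoor:", invert_without_trapdoor(public, c))
```

With these five-digit primes the search needs about 5,000 divisions, and each extra digit in the primes multiplies that work by roughly ten, while the private-key path remains one modular exponentiation.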

DevCentral, by F5 DevCentral Team