RSA Security 5.2.2 Projection Television User Manual


 
Choosing Algorithms
90 RSA BSAFE Crypto-C Developers Guide
limited. In typical applications of cryptography, public-key operations are employed
in combination with other techniques. In particular, public-key operations often
represent only a minor overhead in the total processing, whether in storage or in
computation time. A faster or smaller public-key technique thus may have little
overall impact in many applications.
Elliptic curve cryptosystems have, at this point, relatively fewer cryptanalytic results
than established systems. It could be that the systems are stronger, or it could be that
they are just not that well understood. In either case, this is an observation that calls
for further study.
In conclusion, RSA Security is currently recommending that elliptic curve
cryptosystems continue to be studied as additional tools in the public-key repertoire,
and that they be considered as near-term solutions in the particular cases where the
alternative would be to have no security at all.
For more information about elliptic curve cryptosystems, see the RSA Laboratories
technical note, Recommendations on Elliptic Curve Cryptosystems, at
http://www.rsasecurity.com/rsalabs/technotes/.
Interoperability
Elliptic curve public-key methods can be constructed in a number of ways.
Parameters can be chosen over odd prime fields or fields of even characteristic. The
underlying mathematics of these implementations is different enough that a
successful implementation of only one of these approaches could not handle another
implementation. In essence, this means that one could build two different
cryptosystems, both using elliptic curve cryptography, but unable to interoperate
with each other.
The two main interoperability issues for elliptic curve cryptosystems are the choice of
finite field over which the elliptic curve is defined and the representation of elements
in the finite field.
There are two types of finite fields: finite fields with p elements, where p is an odd
prime, denoted $F_p$, and called odd prime fields, and a finite field with $2^m$ elements
for some integer m, denoted $F_{2^m}$, and called even characteristic. It is not possible to
convert between the two types of finite field, so the choice of finite field is critical to
interoperability.
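
The following is an added example, not code from the Crypto-C guide or from RSA Security, showing why the two field types cannot interoperate: the same bit patterns add and multiply differently in an odd prime field and in an even characteristic field. The prime 13, the degree m = 4 and the reduction polynomial x^4 + x + 1 are toy values assumed here for illustration and are far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters (assumptions, not from the guide). */
#define P        13u    /* odd prime: F_p with p = 13 */
#define M        4u     /* F_{2^m} with m = 4, i.e. 16 elements */
#define F2M_POLY 0x13u  /* reduction polynomial x^4 + x + 1, polynomial basis */

/* F_p: elements are integers 0..p-1, arithmetic is modulo p. */
uint32_t fp_add(uint32_t a, uint32_t b) { return (a + b) % P; }
uint32_t fp_mul(uint32_t a, uint32_t b) { return (a * b) % P; }

/* F_{2^m}: bit i of an element is the coefficient of x^i. Addition is
 * coefficient-wise modulo 2, which is XOR with no carries. */
uint32_t f2m_add(uint32_t a, uint32_t b) { return a ^ b; }

/* Carry-less shift-and-add multiply; inputs must be below 2^m. The running
 * multiple of a is reduced by F2M_POLY whenever its degree reaches m. */
uint32_t f2m_mul(uint32_t a, uint32_t b) {
    uint32_t r = 0;
    while (b) {
        if (b & 1u) r ^= a;
        b >>= 1;
        a <<= 1;
        if (a & (1u << M)) a ^= F2M_POLY;
    }
    return r;
}

int main(void) {
    uint32_t a = 6, b = 7;  /* bit patterns that are valid elements of both fields */
    printf("F_13  : a+b=%u  a*b=%u  a+a=%u\n",
           fp_add(a, b), fp_mul(a, b), fp_add(a, a));
    printf("F_2^4 : a+b=%u  a*b=%u  a+a=%u\n",
           f2m_add(a, b), f2m_mul(a, b), f2m_add(a, a));
    return 0;
}
```

In the even characteristic field every element is its own additive inverse (a + a = 0), which has no counterpart in an odd prime field, so curve arithmetic written for one field type cannot process points defined over the other.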
The even characteristic implementations offer greater gains in hardware
implementation. However, the odd prime implementations can use the same
special-purpose circuitry that is available for implementations such as RSA encryption. This
can make the odd characteristic a better choice for situations where RSA hardware is