Next Generation Crypto

Securing the Web with Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is emerging as an attractive public-key cryptosystem for mobile/wireless environments. Compared to traditional cryptosystems like RSA, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, and memory and bandwidth savings. This is especially useful for mobile devices, which are typically limited in CPU, power and network connectivity. ECC has recently been endorsed by the US government.

The Next Generation Crypto project focuses on three key components:

  1. implementation of an elliptic curve crypto library and security architectures for various platforms ranging from small sensors to high-performance web servers
  2. implementation of a common hardware architecture for accelerating ECC as well as RSA
  3. enabling broad industry adoption of ECC by
    1. promoting ECC standardization within SSL, the dominant security protocol used on the Internet, and
    2. contributing ECC technology to OpenSSL and NSS/Mozilla, the two most popular open source cryptographic libraries

Open Source Software

  1. The latest version of OpenSSL with Sun's ECC contribution can be found at ftp://ftp.openssl.org/snapshot/ (please download openssl-SNAP-20051214.tar.gz or a later revision). See also the Frequently Asked Questions regarding Sun's ECC contribution to the OpenSSL project.
    NOTE: OpenSSL snapshots between Apr 21, 2004 and Dec 13, 2005 implemented an older version of the IETF "ECC in TLS" specification.
  2. Netscape Security Services (NSS) version 3.8 and later include Sun's ECC contribution. Download instructions are included in the release notes.
  3. An ECC-enabled version of the Firefox browser with support for ECC cipher suites in SSL and ECC certificate enrollment is available here and can be tested against the new ECC interoperability server.
    NOTE: If you are looking for an older version of the ECC enabled browser/email reader with the ability to use ECDSA for email signing, click here.

Standardization

  1. ECC Cipher Suites for TLS, IETF Internet-draft specifying the use of Elliptic Curve Cryptography with SSL. Click here for the latest version and revision history.
  2. Elliptic Curve Diffie-Hellman Key Exchange for the SSH Transport Level Protocol, IETF Internet-draft draft-stebila-secsh-ecdh-00.txt specifying the use of Elliptic Curve Cryptography with SSH, Nov. 2003

White Papers and Presentations

  1. Extending Internet Connectivity to Smart Dust, a white paper describing emerging applications of wireless sensor networks and how Elliptic Curve Cryptography is poised to play an important role in securing these networks.
  2. Elliptic Curve Cryptography: The Next Generation of Internet Security, a white paper describing how Elliptic Curve Cryptography is an ideal match for the Internet's future security needs.
  3. Slides from presentations on Elliptic Curve Cryptography at The Stanford Networking Research Center (SNRC) and SunNetwork 2003 [SNRC slides, SunNetwork 2003 slides].
  4. Sizzle - SSL on motes, Winter 2005 CENTS Retreat, Jan. 2005.

Research Publications

  1. Sizzle: A Standards-based end-to-end Security Architecture for the Embedded Internet, Pervasive and Mobile Computing Journal (special issue on selected papers from PerCom 2005), Vol 1, Issue 4, Dec 2005, pp. 425-445. Expanded version of the paper that won the Mark Weiser Best Paper Award at PerCom 2005.
  2. Sizzle: A Standards-based end-to-end Security Architecture for the Embedded Internet, Third IEEE International Conference on Pervasive Computing and Communication (PerCom 2005), Kauai, Mar. 2005 [slides].
  3. Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks, Third IEEE International Conference on Pervasive Computing and Communication (PerCom 2005), Kauai, Mar. 2005 [slides].
  4. A Public-key Cryptographic Processor for RSA and ECC, ASAP 2004, Galveston, Sept. 2004.
  5. Accelerating Next-Generation Public-key Cryptography on General-Purpose CPUs, Hot Chips 16, Stanford, Aug. 2004.
  6. Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs, CHES2004, Cambridge (Boston), Aug. 2004.
  7. Integrating Elliptic Curve Cryptography into the Web's Security Infrastructure, WWW 2004, New York City, May 2004.
  8. Speeding up Secure Web Transactions Using Elliptic Curve Cryptography, The 11th Annual Network and Distributed System Security (NDSS) Symposium, San Diego, Feb. 2004 [slides].
  9. Embedded End-to-End Wireless Security with ECDH Key Exchange, The 46th IEEE Midwest Symposium On Circuits and Systems, Cairo, Egypt, Dec. 2003.
  10. A Cryptographic Processor for Arbitrary Elliptic Curves over GF(2^m), ASAP2003, The Hague, The Netherlands, June 2003.
  11. Generic Implementations of Elliptic Curve Cryptography Using Partial Reduction, CCS2002, Washington, Nov. 2002.
  12. An End-to-End Systems Approach to Elliptic Curve Cryptography, Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002), Redwood City, Aug. 2002.
  13. Performance Analysis of Elliptic Curve Cryptography for SSL, ACM Workshop on Wireless Security (WiSe), Mobicom 2002, Atlanta, Sept. 2002.
  14. From Euclid's GCD to Montgomery Multiplication to the Great Divide, Sun Labs Technical Report 95, June 2001.

Awards

  1. Mark Weiser Best Paper Award at PerCom 2005, Mar. 2005 [Award ceremony photo].
  2. 2004 Chairman's Award for Innovation, the top achievement award at Sun Microsystems for individual and/or team innovation, Apr. 2004.
  3. Best Presentation at HotChips, Aug. 2004.
  4. Best Paper Award at ASAP2003, Jun. 2003.
  5. Sun Labs Technology Transfer Award, Sep. 2002.

Videos

An MPEG-4 player such as Quicktime 6.0 or EnvivioTV is required to view MPEG-4 video and the RealPlayer is required to view RealMedia content.

  1. Do you know what Elliptic Curve Cryptography is? A humorous exploration of this important question shot on location at SunNetwork 2002, San Francisco, Sept. 2002. [4.2MB MPEG-4 | 8MB RealMedia (Download) | RealMedia Stream]
  2. A video describing Elliptic Curve Cryptography and our efforts to develop special hardware for accelerating ECC computations. [9.7MB MPEG-4]
  3. A video describing Elliptic Curve Cryptography and our efforts to promote industry adoption of this technology. [6.8MB MPEG-4]

Press

  1. Sun's R&D Spectrum, Computer World Future Watch article by Gary H. Anthes, June 2005.
  2. Huge Advance for Tiny Devices, Feb. 2005.
  3. Sun Creates World's Smallest SSL Web Server, ComputerWire, Jan. 2005
  4. Sun Microsystems Researchers Unveil World's Smallest Secure Web Server, Win Best Paper Award at PerCom 2005, Dec. 2004 [PDF].
    A web search on "Sizzle World's Smallest Secure Web Server" reveals many sites that covered this story.
  5. ECC and the IETF - Part 2, Code and Cipher, Vol.1, no. 4. (This article quotes results from our NDSS 2004 paper to make the point that web servers can handle many more secure transactions using ECC compared to RSA, especially at larger key sizes needed to meet future security requirements)
  6. Open-source group gets Sun security gift, CNet, Sept. 2002.
  7. OpenSSL Gets Cryptography Gift From Sun, SlashDot, Sept. 2002.
  8. Sun Tackles Security, eWeek, Sept. 2002.
  9. Sun Microsystems Laboratories contribute next generation security technologies to open source project, Sun Microsystems Press Release, Sept. 2002.
  10. Sun Microsystems Chief Security Officer Whit Diffie calls industry to action, Sun Microsystems Press Release, Sept. 2002

Posters

  1. Elliptic Curve Cryptography -- How it Works.
  2. Securing the Next Generation Internet.
  3. Integrating Elliptic Curve Cryptography (ECC) into the Web's Security Infrastructure.

Copyright 1994-2008 Sun Microsystems, Inc.