MISSISSAUGA, Ontario–April 27, 2004–Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that Chris Monico, an assistant professor at Texas Tech University, and his team of mathematicians have successfully solved the Certicom Elliptic Curve Cryptography ECC2-109 Challenge. The effort required 2,600 computers and took 17 months. For comparison purposes, the gross CPU time used would be roughly equivalent to that of an Athlon XP 3200+ working nonstop for about 1,200 years.
Monico also led the team that won the ECCp-109 Certicom challenge in 2002. Although the key length is the same, this challenge was solved over a field of characteristic 2 rather than a prime field.
For those people concerned about data security, this announcement is good news. The key solved in this challenge is well below the strength of commercial standards used by Certicom and many others today, which is ECC 163 or higher. In fact, it would be approximately one hundred million times harder to solve ECC 163.
Why participate in the challenge? “I think public-key cryptography based on ECC is what we should, and will be, moving toward,” said Monico. “And besides, the fact that this is likely the last of the ECC challenges to be solved in the next few years was a big motivator. The only way to get at the 130-bit level challenges is by a combination of Moore’s law–wait around for computers to get faster–and gathering more computers. Personally, I think it’s unlikely to happen soon.”
In addition to the professional incentives, Monico and his team will receive a US $10,000 prize for solving the challenge.
Certicom introduced the ECC Challenge in November 1997. It was developed to increase industry understanding and appreciation for the difficulty of the elliptic curve discrete logarithm problem, and to encourage and stimulate further research in the security analysis of elliptic curve cryptosystems.
There are three challenge levels: Exercises; Level I, comprising 109-bit and 131-bit challenges; and Level II, comprising 163-bit, 191-bit and 359-bit challenges. The Exercises and the 109-bit challenges are considered feasible and could be solved in a matter of months, while the 131-bit challenges would require significantly more resources to solve as they are 2,000 times more difficult than the 109-bit challenges. All Level II challenges are believed to be computationally infeasible.
“I would like to take this opportunity to congratulate Chris Monico and his team for the great effort. It is our hope that the knowledge and experience gained from the challenge will help show how difficult it is to break an ECC key, even at a relatively small bit length,” said Dr. Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. “ECC is considered a next generation public-key technology that is here today. The NSA demonstrated their trust in the strength of these systems when recently they licensed some of our ECC technology to secure mission critical information.”
Certicom is a pioneer in researching and developing ECC. ECC is a computationally efficient form of cryptography that offers equivalent security to other competing public-key technologies but with much smaller key sizes. Because of its efficient size, it is especially well suited for mobile devices, mobile middleware, and industrial equipment requiring long battery life. It’s even used in digital postage marks.
In 1997, Certicom developed the industry’s first toolkit to include ECC, which has since been adopted by over 300 organizations. Security Builder Crypto, a cross-platform cryptographic toolkit, includes standards-based ECC implementations that are optimized for size and performance on over 30 platforms. Through its Intellectual Property Licensing Program, Certicom provides licenses to organizations that have implemented or wish to implement the technologies covered in Certicom’s extensive patent portfolio.
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and XM Radio. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.
Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.