To all Certs here:
And I know this question has probably come up before, so please be patient w/ me. Does Certicom compete in any way with Verisign? I understand, from visiting Verisign's website, that in some fashion Verisign "sides" with RSA in some of their applications. Please educate me. Here is a brief snippet from RSA Laboratories "FAQ" which appears on the Verisign site:
Question 3.5.2 "Are elliptic curve cryptosystems secure?"
Answer: In general, the best attacks on the ellyptic curve discrete logarithm problems have been general brute-force methods....by the middle of 1998 there were no major developments as to the security of these cryptosystems. The longer this situation continues, the more confidence will grow that they really do offer as much security as currently appears...however, a sizeable group of very respected researchers (ie.them) have some doubts as to whether this situation will remain unchanged for many years.
In particular, there is some evidence that the use of special ellyptic curves, sometimes known as Koblitz curves, which provide very fast implementations, might allow new specialized attacks...While RSA Laboratories believes that continued research into elliptic curve cryptosytems might eventually create the same level of widespread trust as is enjoyed by other public key techniques, (provided there are no upsets!), the use of special purpose curves will most likely always be viewed with extreme skepticism."
Any comments on the above? I am quite confused by their statements about "Koblitz curves," and whether they view these curves as a threat or not to ECC and RSA. Dpes anyone here understand Koblitz curves? Is a threat to ECC?
I appreciate any and all comments on the above, and also regarding Verisign. They seem to be quite the little cash machine, and I hope Certicom is not aiming for the same market/products.
Thanks in advance,
Charlie R. |
