Skip to main content

Sun commits to Elliptic Curve Cryptography

Sun Microsystems , the creator of the Solaris operating system (Solaris OS), announced that Elliptic Curve Cryptography (ECC) is now interoperable across multiple platforms, including Solaris OS, Windows and Linux.

Spearheaded by Sun Labs, Certicom, Microsoft and Red Hat under the ECC Interoperability Forum umbrella, completion of this large undertaking helps ensure that ECC products from these vendors will integrate seamlessly, providing end-to-end security for customers. Leading security companies like RSA and VeriSign have joined the ECC Interoperability Forum, as have open source software projects like Mozilla and Apache.

For years, RSA has been the industry standard for public-key cryptography. Today's 1024-bit RSA keys are expected to double by 2010, putting a very large load on both clients and servers, slowing secure on-line transactions, and greatly exceeding the computational and memory constraints for wireless, mobile devices.

ECC offers the same level of security as RSA while using smaller keys. Smaller keys result in faster computations as well as memory, energy and bandwidth savings. The National Security Agency (NSA) has endorsed ECC as the public-key technology of choice for protecting sensitive U.S. Government information. Security sensitive organizations worldwide are expected to follow the NSA's lead and embrace ECC in a big way, especially in the wake of regulatory requirements such as Sarbanes-Oxley and HIPAA.

"Security is an industry-wide concern that affects nearly every IT company and customer. The full value of a new security technology can only be realized if that technology is deployed broadly and the deployed implementations inter-operate seamlessly," said Vipul Gupta, Distinguished Engineer, Sun Labs. "By teaming with Microsoft, Red Hat, Certicom and others, we were able to extend ECC interoperability to Solaris OS, Windows and Linux -- the world's most pervasive operating systems. With the interoperability hurdle cleared, our customers can immediately start taking advantage of the significant performance and security benefits offered by ECC."

For more than five years, the Next-Generation Cryptography team at Sun Labs has been investigating ECC and exploring its potential. Sun Labs' numerous contributions to the development and industry adoption of ECC include:

*Open source code contributions of ECC functionality to OpenSSL/Apache and Firefox/Mozilla, Leading the effort to get ECC standardized within secure socket layer (SSL/TLS), the Internet's dominant security protocol. This open specification has now been published as IETF RFC 4492 and is implemented in security products from major technology vendors and open source projects, and

*Building ECC into Sun Java Web Server(TM) 7.0, Java(TM) SE platform 6.0 and recently taped-out Niagara2 processors.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.