Thales has just launched a new range of nShield products that offer the world’s fastest Elliptic Curve Cryptography (ECC) in a high assurance hardware security module. To coincide with this launch, I thought I’d explain why ECC is becoming an increasingly important alternative to other popular public key encryption algorithms.
The security of many information systems and critical infrastructure now relies on cryptography to underpin integrity, authentication and data protection. When an architect is designing an IT system, they need to consider the security, compliance and performance goals in addition to ensuring that they deliver a solution with the required functionality and design life.
Cryptography should be considered a toolbox, and it is the job of the architect to select the most suitable tools for a particular job. While there are many specialized cryptographic tools, the strength of the security ultimately depends upon the resistance of a given cryptographic algorithm and its keys to hostile attack.
To use an analogy, not all physical door locks can be considered equal. High quality locks use more complex keys and will be much harder for an attacker to overcome than a lower quality lock. In the same way, many encryption algorithms can be used with larger keys that increase resistance to attack.
However, cryptography can be considered an arms race, where potential attackers have access to increasingly powerful computing resources and techniques to try and calculate key values. The result is that some algorithms and key sizes that were considered secure in 2010 are unlikely to be secure from attack in 2030. The simplest solution for the architect is to use a longer key. In the case of the popular RSA algorithm, this has several undesirable consequences.
First, doubling the length of an RSA key reduces performance by a factor of 5-7. Depending upon the individual use case, this can have a detrimental impact on signature, decryption or key generation performance. Second, with the RSA algorithm, keys are large relative to the effective security that they provide. For example: an RSA key needs to be over 15,000 bits in length to offer the same resistance to attack as a 256 bit AES key.
Moving to ECC can result in vastly improved key generation performance that’s over 1,000 times faster for equivalent security to a long RSA key. Once a key has been securely generated, the use of an ECC key can also be dramatically faster, particularly in embedded devices such as smart cards, smart meters and mobile telephones. When these performance benefits are combined with the smaller key size, that reduces network, memory and storage overheads, ECC becomes compelling for systems that must remain secure for several years. For these reasons, many embedded technologies, such as smart cards, that are used as long term identity and access credentials now support ECC.
The newly launched nShield 6000+ HSMs will typically be deployed in credential issuance or cloud service environments, where high transaction rates are required to support large populations of users or smart devices. By using these new Thales HSMs, architects will be able to achieve the highest possible levels of security while avoiding performance bottlenecks. Ultimately, this enables organisations to eliminate the need to plan costly migrations to larger key sizes or to re-issue credentials prematurely.