The PlayStation 3 cluster at the École Polytechnique Fédérale used in breaking 112bit Elliptic Curve Cryptography

A so called np-hard problem, elliptic curve cryptography is based on the Discrete Logarithm Problem (DLP), or the ease of calculating the next value of a curve over a finite field.  Essentially, it’s easy to calculate the next value, but very hard to find the previous.  ECC is a type of public key crypto, and the DLP problem it is based on is the same mathematical issue used in RSA cryptography.

While this is a so-called brute force attack, where a computer tries all 2⁶⁰ key combinations to break the encryption, it still demonstrates the processing power to perform this sort of attack is available, and not that far from accessible.  The researchers used a bank of 200 Playstation 3s over one year, but estimate the computations would have taken only 3 months with optimizations they made throughout the experiment.  As Moore’s Law dictates computing power doubles every 18 months, so too must cryptographic methods.  The weakest ECC standard currently used is 160 bits, which is 1 million times stronger in terms of complexity than that broken by the Swiss researchers.  By 2010, the National Institute of Standards and Technology, the governing body for cryptography, will replace the 160 bit version with a higher strength, 224 bit version.

CIPP Candidate Preparation

In preparation for the Certified Information Privacy Professional exam, a privacy professional should be comfortable with topics related to this post including:

• Information Security (Foundations: II.C) including: Encryption (data-at-rest) and Threats & Vulnerabilities