 |
|
March 2, 2005 - MISSISSAUGA, Ontario
|
NSA Names ECC as the Exclusive Technology for Key Agreement and Digital Signature Standards for the U.S. Government
MISSISSAUGA, Ontario – (March 2, 2005)– Elliptic Curve Cryptography (ECC), a strong, efficient public key cryptosystem, will soon become the standard to protect U.S. government communications. On February 16, 2005 at the RSA conference, the National Security Agency (NSA) presented its strategy and recommendations for securing U.S. government sensitive and unclassified communications. The strategy included a recommended set of advanced cryptography algorithms known as Suite B for securing sensitive but unclassified data.
The only public key protocols included in Suite B are Elliptic Curve Menezes-Qu-Vanstone (ECMQV) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing are also included. All of the Suite B algorithms are consistent with the National Institute of Standards and Technology (NIST) publications.
Interoperability and information sharing are two key principles in the NSA strategy. In his remarks, Daniel Wolf, the NSA's information assurance director discussed the importance of sharing information between departments and using consistent and strong standards to protect that information. The NSA recommends that the same level of security that is used to protect mission critical information-ECC-based protocols-now be extended to protect sensitive and unclassified data.
"The NSA strategy is major news for the security industry and all government agencies or suppliers because it sets the security standards for at least the next few decades. The NSA has stated that there are more than 1.3 million cryptographic devices in the U.S. inventory, over 75 percent of which will be replaced during the next decade under the U.S. Crypto Modernization Program," said Dr. Scott Vanstone, Certicom's founder. "A system is only as strong as its weakest link. By using the same high level of protection for all communications, especially security that is standards-based and interoperable, agencies and all organizations can establish a trusted system that is much harder to compromise."
|
|
|
