OpenSSL Gets Cryptography Gift From Sun

Kataire writes "C|Net posted this story about how Sun Microsystems' has donated 'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."

Great!

[mdechene]

Now I can keep my pesky roommates out of my palms oh-so-full social calendar.

Re:Great!

[Soko]

Now I can keep my pesky roommates out of my palms oh-so-full social calendar.

You mean right now you let *your* palm *date* your friends? Ewww....

Re:Great!

[Darkforge]

Actually, there is a real use for widespread heavy-duty crypto, even on a PDA: encrypted money tokens.

If strong encrypted money tokens were to be implemented on a wide scale for, say, Palm PocketPC, Zaurus, and maybe a special purpose StrongARM device, you could expect to see a cheap widespread secure electronic payment mechanism that you can use for micropayments.

Aside from the novelty of buying lunch with your PDA, this could be the next step towards truly secure electronic transfers. You can say goodbye to corporate privacy violations when you can pay for your online goods with secure anonymous electronic cash.

Imagine paying your peers in a P2P system for MP3s/OGGs/whatever. Providing fat bandwidth for P2P would be a potential money-maker, not merely a labor of love. Throw in an anonymizing protocol and you're selling MP3 bandwidth online securely and untraceably; the RIAA couldn't shut you down, because there'd be no way to figure out who you were.

That's the power of widespread strong crypto, especially in small devices.

Re:Great!

[cant_get_a_good_nick]

I don't know if you guys remember, but PayPal started off as a Palm App. It started as a solution for the bane of business lunches - having no money or just $20 bills and having to split, and then having to remember everything. So you could beam folks money adn it would show up in yur account. The problem is synching up the money, what if you reset your Palm before you synch the money to your account (I lost my $5 that way). They quickly realized that the amount of money in splitting a check wasn't as big as the big boy of trying to pay over the Internet, and they switched their model pretty quickly to that, quite successfully I might add.

It's not really that surprising

[bsharitt]

Sun is basically "arming the rebels" so they can better fight Microsoft. Even though they may have other motives, it's nice of them anyway.

Re:It's not really that surprising

[Billly+Gates]

"Sun is basically "arming the rebels""

No. I think it this move was designed to improve Apache's security and make it a greater e-commerce tool on solaris( and unix). Sun relizes that more sun webservers use apache then Iplanet so they are donating the code to openssl since apache uses it by default. And not to just attack Microsoft. However I do question the timing since newly discovered ssl flaw recently in IIS/IE is making headline news and CIO's nervous.

Something like this may have an impact in e-commerce purchasing decisions. .NET has made alot of hype and headway into the ecommerce market because its so easy to write a vb.net ecommerce site these days. In VB.NEt you can declare a subroutine as a webservice or applet(never used it but seen it)and it instantly becomes a servlet. This is something Sun has to fight. Windows Developers are really rallying upon .NET because thats all they know. Same reason why SQL-Server is getting popular. With palladium security will be a non issue so who knows what will happen. I do not see how sun could fight this unless use the more open TCPA standard. At least that one is not owned by Microsoft like palladium.

Re:It's not really that surprising

[SquadBoy]

IMHO Sun because with the new workstations they are making you can get a Sun for the same price or less than a Dell. And *never* underestimate the power of "Geek Cool". And just how cool it is to have a Sun and just how uncool it is to have a Dell. :)

Re:It's not really that surprising

[AntiTuX]

okay, I know this is a personal thing, but it's iPlanet, not Iplanet, or IPlanet. I used to work there, and it drove me nuts when someone would misspell it.

I'll probably get modded out of commision for this, but I just really get tired of misspellings.
Even though I was on the netscape side, and got laid off, I'm still loyal to iPlanet. They gave me my start in the IT world (head Sysadmin for iPlanet Learning Solutions), and I can't thank them enough for it.

Shouldn't this be placed under a different section

[questionlp]

Although I use and keep up with the BSD side of things, but I think this affects the entire open source community as a whole, including xBSD, Linux, Apache+SSL, and gobs of other software that utilizes SSL for security.

Nonetheless, it is great to see Sun contributing back to the community.

This does bring up one question in my mind though... could this be used in SSL acceleration cards to improve the effiency of the SSL 'processor' (i.e.: keep the same performance level while reducing the amount of power necessary)?

Good for more then PDA's

[afidel]

Since there is no known weakening from quantum computers of elyptic curve cryptosystems EC's may well be better for long term cryptography, even on supercomputers. Since it is pretty well known that the massive parallelism of quantom computers will greatly increase the ability of future systems to factor large numbers more traditional cyphers will be under more pressure.

Re:Good for more then PDA's

[jbrandon]

That's just not true; Shor's algorithm transfers quite nicely to solving what is essentially the discrete log problem in a group. IOW: Elliptic curve cryto is not any safer. See This

Offering from large companies

[phorm]

Has anybody noticed a trend lately of large corporations or companies making offers to the public source movements. Is this a play between them for notice, or are they finally starting to figure out that it's better to play nice with open source than fight against it?

Re:Offering from large companies

[kevin+lyda]

sun has been contributing to free software for decades. they didn't make a big production of it, but it's been happening anyway. now yes, for the past few years they've been rather obnoxious on certain fronts, but for the most part they've done their bit.

denegrating this contribution as if it's a new position sun isn't very fair to their company or their developers.

Re:elliptic curves?

[plcurechax]

but since they are modular, we could also use them for traditional pgp style encryption, no? instead of symmetric keys, you could use a public key.

SSL and PGP (or preferrably the newer OpenPGP) standard both use a hybrid scheme which uses both asymmetric and symmetric encryption algorithms.

If you mean could elliptic curves schemes (ECDLP, ECDSA, ECDH) be used in OpenPGP as well as SSL/TLS; then yes as long as it was added to the OpenPGP standards which I don't think includes ECC yet but has spaces reserved for future ECC use.

Re:Shouldn't this be placed under a different sect

[JDizzy]

OpenSSL is not the child of OpenBSD, nor a cousin of OpenSSH. OpenSSL is an independant project.

OpenSSH is a baby of openBSD, and OpenSSH depends on OpenSSL.

The Eliptic curve stuff was donated to OpenSSH team, not the OpenSSL group. So dreaming about this in your ssl accelerated card of the future is a bit silly. However, if openSSH team open sources the tech, and that tech is under bsd lisence, then maybe it will work its way down into the chip makers crypto designes.

Bush's advisor present, official government suppor

You know what that tells us, right?

The NSA can already crack it. :)

Wrong. OpenSSL != OpenSSH

[plcurechax]

OpenSSL is written by the OpenBSD people

Not quite.

OpenSSL is maintained by OpenSSL core members: Ralf S. Engelschall, Ben Laurie, Mark J. Cox, Dr. Stephen Henson, and others developers.

OpenSSH was written by OpenBSD members (Theo de Raadt, Niels Provos, Markus Friedl, Dug Song, and others). OpenSSH uses OpenSSL as a cryptographic library source (it is highly optimized for many processors).

Re:Is this the same as featured before?

[AndersM]

No... But there is a distributed project out there working very hard to crack it - but so far elliptic curve encryption holds out...

By the way, Ars Technica has a team working hard on this project, and they I'm sure they'd like some help... ;-)

Re:NeXT, did NOT invent ECC.

[plcurechax]

...given that it was invented by NeXT?

Sorry, Ellipitic curve cryptography was invented independantly by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.
(Source)

it's all strategy

[g4dget]

Companies give software away for many reasons: PR, establishing standards, driving competitors out of the market, and hurting competitors financially are among them. Sharing development efforts may be as well, but usually is not. Sometimes such strategies are combined with "dual licensing schemes", where open source is used to gain a foothold in a commercially meaningless part of the market to prop up a product that otherwise wouldn't be competitive.

Not all such gifts are useful for the recipient, and some are genuinely harmful to the interests of open source users. So, do look a gift horse in the mouth, or you may be stuck with large vet bills otherwise.

This one seems harmless if it is on unpatented technology, or if the patents are free for use by open source.

Whitfield Diffie did NOT invent ECC

[plcurechax]

'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame)

Elliptic curve cryptography was indepentantly
invented by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.
(Source)

Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.

Re:Why is this significant?

[plcurechax]

I know the keys used for ECC are generally smaller, but that seems like a fairly minor consideration even for PDAs

ECC uses smaller keys, which is suitable for very small networked devices like network appliances, that use cheap (<$1) 8-bit microprocessors with very small amounts of NVRAM.

Is eliptic curve cryptography actually faster than RSA?

Yes, which is the major advantage over RSA, more important in most applications than the storage of smaller keys. I don't know exactly but I estimate in the area of 10 to 100 times faster for "equal" level of confidence in security.

And if it IS faster, wouldn't it be much more useful for web servers than for PDAs?

Think mobile phones, or cheap network household appliances with 8 and 16-bit microprocessors with clock speeds less than 12MHz. It also means lower power comsumption which is important for most battery powered devices.

wrong, wrong, _wrong_ !

[jacobb]

You are wrong, wrong, wrong . plain and simple.

In fact, it has and can be easily shown that by solving "the factoring problem" (as it's oh-so-vulgarly put) or the discrete log problem of classical public key cryptosystems, one solves EC's. The problems are extensions of one another, and the solution to one is trivially deducible from the solution to another.
your statement was like saying "unlike Webster's Dictionary, the Oxford English Dictonary has no words in it" - pure and utter nonsense. gibberish.

All ECC's are (in boiled-down essence), is a Discrete Log problem on a cubic whose solutions are confined to a torus. (i.e. 'elliptic curve').
while it's true that the keysize needed for secure ECC is much, much smaller and increases much much more slowly than either DL (discrete log) or IF (integer factorization) [both of which are essentially exactly the same] systems, this has to do with the way the field is set up and how the keys correspond.

Sounds like something 'the tick' would say

[ocie]

Well Arthur, it looks like this elipse has come full circle.

License?

[rweir]

Is it under a 4-clause or 3-clause BSD license? OpenSSL is _still_ under the 4-clause license, with the `obnoxious advertising clause' which says that you have to mention the developers in all advertising materials.
Not such a big deal, you might say, but there are two big problems with this: 1) It's incompatible with GNU GPL, so no straight GPL software can use OpenSSL, and 2) it causes huge practical problems.

Theses issues are a big problems for Debian, in particular.

sun labs

Sun has a pretty good site with some informative documentation and a link to OpenSSL's cipher downloads

1. http://research.sun.com/projects/crypto/

Merkle invented public-key cryptography (too)

[Ungrounded+Lightning]

Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.

Actually, Ralph Merkle invented public-key cryptography (too). Merkle's article was SUBMITTED first, though the Diffie-Hellman article was PUBLISHED first while Merkle's was still going through the review process.

Not to disparage any of 'em. Merkle and Diffie & Hellman both invented it separately.

And for you people who follow Nanotech and/or Cryonics, yes it's THAT Ralph Merkle (who didn't invent either cryonics or nanotech, though he does much great work to advance them).

Three types of elliptic curves

[Florian+Weimer]

There is a saying that in cryptography, there are three types of elliptic curves: the insecure ones, the inefficient ones, and those that have been patented by Certicom.

I wonder which curves can be used with the code offered by Sun.