Sun Microsystems Laboratories has contributed source code for elliptic curve cryptography to the OpenSSL open source security project.
The new cross-platform source code is available under the open secure socket layer (OpenSSL) project’s open source license, which allows free use for both commercial and non-commercial purposes.
Elliptic Curve cryptography itself is an emerging public key cryptosystem providing the same degree of security as those used in SSL today but at approximately one-eighth the key size, according to Sun Microsystems chief security officer Whitfield Diffie.
“ECC keys are one eighth as long as keys currently used and, therefore, more suitable for small devices with limited power and storage,” Diffie said.
“This will allow the builders of an upcoming generation of tiny Web clients to enjoy the security benefits of an open-source implementation of SSL.”
To promote the uptake of ECC, Sun Labs’ contributions include the addition of ECC cipher suites based on the current IETF Internet-draft, co-authored by Sun; the implementation of the Elliptic Curve Diffie-Hellman key agreement protocol based on ANSI X9.63; and, the addition of elliptic curve support over binary polynomial fields and the underlying arithmetic library completing the Elliptic Curve cryptography library in OpenSSL, according to Sun Microsystems Laboratories director Jim Mitchell.
“Sun Labs researchers are actively contributing to the deployment of next generation security mechanisms, both by working on standards development and by freely sharing technology developed by Sun,” Mitchell said.
“With the inclusion of ECC in OpenSSL, Sun is seeding the adoption of key technologies critical to the security needs of the wireless mobile industry, and the coming tsunami of small devices reachable over the Internet.”
The latest version of OpenSSL code containing ECC cipher suites can be found at ftp://ftp.openssl.org/snapshot/ with the download file openssl-SNAP-20020911.tar.gz or later version.