PKI, elliptic curve cryptography, and digital signatures

Abstract

Global electronic commerce (E-comm) necessitates a high degree of trust in its operation for widespread acceptance at government, enterprise and individual levels. In order to achieve this cryptographic systems must play a major part in the overall ‘trust-building’ cycle and, within the cryptography realm, public key cryptography has emerged over twenty years as the key element. However, public key cryptography requires a public key infrastructure to exist for it to become useful and for associated algorithms to be proven and accepted, particularly where those algorithms are used for ‘digital signature’ purposes. This paper assesses the situation in relation to differing models for such public key infrastructures that have emerged and also to differing algorithms that play a role in the creation and verification of digital signatures. An emphasis is placed on the emerging use of elliptic curve cryptography (ECC) as an alternative to more widely accepted public key algorithms. Overall, the need to allow for multiple algorithms is emphasized as being prudent and a safeguard against any unforeseen ‘cracking’ of a particular algorithm that may be in use. Both technical and policy parameters in this area are outlined in the paper. However, the paper concludes that lack of government, and particularly parliamentary, leadership and firm decision making in the area of public key infrastructure and associated legal and management regulation means that resulting reliance on market forces may simply cause disparate regimes to be created that will impede orderly global electronic commerce.