Newsgroups: sci.crypt
Path: msuinfo!caen!sdd.hp.com!elroy.jpl.nasa.gov!ames!ictv!barry
From: barry@ictv.com (Barry Lustig)
Subject: Found in comp.sys.next.misc  (Re: FEE article from EET)
Message-ID: <1992Feb4.192043.10312@ictv.com>
Keywords: FEE Fast Elliptic Encryption NeXT
Organization: ICTV, Santa Clara, CA (408) 562-9200
References: <1992Feb4.032601.21935@gagetalker.com>
Date: Tue, 4 Feb 1992 19:20:43 GMT


Extracted from Feb 3, 1992 edition of Electronic Engineering Times, 
Copyright 1991 by CMP Publications, Inc. All rights reserved.

DATA SECURITY MAY BE BUNDLED WITH NEXT'S OPERATING SYSTEM

Next step is encryption
By Robert H. Blissmer

Redwood City, Calif. - A highly secure data-encryption system
developed at Next Inc. (Redwood City, Calif.) soon may be bundled
with the company's recently announced NextStep Release 3.0 operating
system, pending approval from the commerce branch of the National
Security Agency. The new cryptography software uses a highly secure
technique called Fast Elliptic Encryption, which was developed at
Next by one of its chief scientists, Richard Crandall.

The system is based on a technology called public key encryption.
Public key systems use a matched pair of mathematically related
encryption-decryption keys: a public key and a secret key. Each key
performs a one-way transformation of data. Public keys are listed in a
directory, but secret keys are known only to their owners. For
example, to send a private message, user A encrypts a message with
user B's public key. User B decodes the message with his secret key.

Public key systems also can be used for message authentication. To
digitally sign a message, A encrypts the message with his or her
secret key. B (or any other user) can then use A's public key to
decrypt the message. Since only user A can use his secret key, the
encrypted message becomes a kind of electronic signature.

The Fast Elliptic Encryption system provides the public key, and
encrypts the private key needed to decode the message. All data is
encrypted using the federal government's Digital Encryption Standard
(DES).

The Next system is based on elliptic-curve algebra. Traditionally,
encryption systems based on elliptic-curve algebra have been
computationally intensive. However, Crandall's team has implemented a
number of proprietary techniques to reduce the required CPU work
load. For example, a tunable encryption bit-depth parameter is used.
This makes possible the use of smaller or larger bit-lengths for the
key, providing different levels of security. Small keys can be easily
created. However, in cases where the larger keys that are harder to
crack--so-called deep encryption--are required, special techniques
have been implemented so that relatively fast key exchange is still
possible. "Fast Elliptic Encryption is currently proprietary and a
patent application has been filed, although Next would like its
encryption system to interoperate with other systems," said Lisa
Pfau, software product marketing manager for Next. "When and if the
legal details are worked out, the methodology will be made public,
while the algorithm and source code will be provided by Next for a
licensing fee."

One restriction on NextMail encryption in NextStep 3.0 is the use of
only a single public key. Therefore, messages can only be sent to a
group of people who share the same key or to a single person.
Encrypted NextMail does not currently provide authentication of the
message sender--just security for the message itself. So, the receiver
of the message cannot be entirely sure that the alleged sender did
actually send the message," said Pfau.

Next claims Fast Elliptic Encryption is as secure as any encryption
system on the market. Currently, the most widely used encryption
technology is the RSA Public Key Cryptosystem, developed by RSA Data
Security Inc. (Redwood City). IBM Corp., Microsoft Corp., Lotus
Development Corp., Digital Equipment Corp., Sun Microsystems Inc.,
and Novell Inc. have all either incorporated the RSA system into their
products or have plans to include it.
 
The above was entered via a HSD FaxMaster and OCR Servant.
-- 
