A Canadian company has shaved a fraction of a second off the time it takes to verify protected information, which may be the blink of an eye to a user, but a lifetime for a server that can perform millions of calculations a second.
Certicom Corp., based in Mississauga, Ont., has arrived at a faster way to verify digital signatures, which are used to guarantee the identity of a person sending an electronic message.
Certicom has focused on the elliptic curve digital signature algorithm (ECDSA), which is quickly becoming a cryptographic standard and has been embraced by governments in the U.S. and Canada.
Based on Certicom’s benchmark tests, it takes 221 milliseconds to verify an ECDSA signature. Using a new technique, Certicom has improved the time to 158 milliseconds.
“Typically verification is twice as slow as creating the signature. We’ve been looking for a long time at: how can we make that a lot faster?” said Scott Vanstone, founder and executive vice-president of strategic technology.
“When you’re doing a verification, you’re doing mathematical computation that is typically very intensive. We discovered how we can break that computation up into pieces and do them all in parallel . . . using the same hardware that we have today and using the same software, but using a mathematical technique called the Euclidean algorithm.”
The pieces can be solved simultaneously, thereby reducing the amount of time it takes to arrive at a result. Based on Certicom’s tests, there’s a potential time savings of 40 per cent. A few hundred milliseconds may be barely noticeable to the user who’s verifying a signature, but the real advantage may be realized by the server that’s forced to crunch the numbers.
Theoretically, a company would require fewer servers to verify the same number of digital signatures, which could translate into cost savings on infrastructure.
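The article does not spell out the method Vanstone describes above; as an added example (not Certicom's code), this Python sketch assumes it is the half-size scalar split, where the extended Euclidean algorithm rewrites the full-size verification scalar u2 as a/b mod n with a and b about half as long. Assumptions: the secp256k1 curve, all function names, and a verifier that already holds the full point R rather than only the signature value r.

```python
from math import isqrt

# secp256k1 (SEC 2): y^2 = x^3 + 7 over F_P; G has prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def half_size_split(u, n=N):
    """Truncated extended Euclid: (a, b) with a = b*u mod n, both about half the bits of n."""
    r0, r1, t0, t1 = n, u % n, 0, 1        # invariant: r_i = t_i * u (mod n)
    while r1 > isqrt(n):                   # stop at the first remainder <= sqrt(n)
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    return r1, t1                          # b may be negative

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, A):
    """Double-and-add; a negative k multiplies the negated point."""
    if k < 0:
        k, A = -k, (A[0], -A[1] % P)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, A)
        A, k = add(A, A), k >> 1
    return acc

def verify_standard(u1, u2, Q, R):
    """Textbook check u1*G + u2*Q == R, two full-size scalars."""
    return add(mul(u1, G), mul(u2, Q)) == R

def verify_split(u1, u2, Q, R):
    """Same check multiplied by b: (b*u1)*G + a*Q - b*R == O, with a, b half-size."""
    a, b = half_size_split(u2)
    return add(add(mul(b * u1 % N, G), mul(a, Q)), mul(-b, R)) is None
```

The scalar b*u1 mod n is still full-size in this sketch; splitting it across G and a precomputed multiple of G would make every scalar half-length, which is where the saving in point doublings comes from.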
Certicom counts among its clients Research in Motion and Motorola. The benchmark tests were accomplished using an ARM7TDMI running at 50 MHz, which is the same processor used by RIM’s BlackBerry device. RIM and other clients have expressed interest in the technology, said Vanstone, and Certicom should have a product available before the end of the year.
Even though the time savings is minuscule by human standards, any improvement to digital signatures could have a positive impact on the user experience, experts said, especially when it concerns handheld devices that access the Internet.
“The time is typically a function of the available processing power,” said Pierre Roberge, an independent analyst based in Toronto. “If you have a device that’s a bit slower, a bit dumber, by optimizing the algorithm you can improve the user experience. Depending on how the algorithm is used in key exchange, you’re not looking at a single transaction . . . but a series of transactions to do a key signature.”
Back in 1999, it took about 15 seconds to exchange key signatures using a BlackBerry, said Roberge, because the algorithm wasn’t optimized and the device used a slower processor than today’s models.
Speed savings may be a benefit to any company that deals with digital signatures, said Mary Kirwan, CEO of Toronto-based security firm Headfry Inc., but an overriding problem is managing public key infrastructure (PKI).
“A lot of the bigger issues are around key management,” she said. “To me, key management is a bigger strain on resources.”
The problem, said Kirwan, is making sure that algorithms don’t degrade over time or become susceptible to attacks. “It’s quite an issue to make sure you have things like key rollover,” she said. “If you don’t do it properly, the whole infrastructure could collapse. If you have multiple users or multiple certificates to be signed, that’s a big infrastructure issue because you’re talking about fairly complex technology.”