RSA remains popular with developers because implementation requires only multiplication routines, leading to simpler programming and higher throughput, Kocher says. Also, all the applicable patents have expired. For its part, EC is better when there are bandwidth or memory constraints, he adds.
The Quantum Leap
But this tidy world of cryptography may be seriously disrupted by the arrival of quantum computers.
"There has been tremendous progress in quantum computer technology during the last few years," says Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo in Ontario. Mosca notes that in the past 15 years, we have moved from playing with quantum bits to building quantum logic gates. At that rate, he thinks it's likely we will have a quantum computer within 20 years.
"It's a game-changer," Mosca says, explaining that the change comes not from improvements in the computer's clock speed, but from an astronomical reduction in the number of steps needed to perform certain computations.
Basically, Mosca explains, a quantum computer should be able to use the properties of quantum mechanics to probe for patterns within a huge number without having to examine every digit in that number. Cracking both RSA and EC ciphers involves that very task -- finding patterns in huge numbers.
Mosca explains that with a conventional computer, finding a pattern for an EC cipher with N number of bits in the key would take a number of steps equal to 2 raised to one-half N. As an example, for 100 bits (a modest number), it would take 250 (1.125 quadrillion) steps.
With a quantum computer, it should take about 50 steps, he says, which means code-breaking would then be no more computationally demanding than the original encryption process.
With RSA, determining the number of steps needed for a solution through conventional computation is more complicated than with EC encryption, but the scale of the reduction with quantum computation should be similar, Mosca says.
The situation is less dire with symmetric encryption, Mosca explains. Breaking a symmetric code like AES is a matter of searching all possible key combinations for the one that works. With a 128-bit key, there are 2128 possible combinations. But thanks to a quantum computer's ability to probe large numbers, only the square root of the number of combinations needs to be examined -- in this case, 264. This is still a huge number, and AES should remain secure with increased key sizes, Mosca says.
Sign up for Computerworld eNewsletters.