Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size.

Elliptic curves are applicable for encryption, digital signatures, pseudo-random generators and other tasks. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization.

Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem" or ECDLP. The entire security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. The size of the elliptic curve determines the difficulty of the problem.

The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key: for example, a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key.

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.

For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the equation

along with a distinguished point at infinity, denoted . (The coordinates here are to be chosen from a fixed finite field of characteristic not equal to 2 or 3, or the curve equation will be somewhat more complicated.)

This set together with the group operation of elliptic curves is an Abelian group, with the point at infinity as identity element. The structure of the group is inherited from the divisor group of the underlying algebraic variety. As is the case for other popular public key cryptosystems, no mathematical proof of security has been published for ECC as of 2009[update].

The U.S. National Institute of Standards and Technology (NIST) has endorsed ECC in its Suite B set of recommended algorithms, specifically Elliptic Curve DiffieHellman (ECDH) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signature. The U.S. National Security Agency (NSA) allows their use for protecting information classified up to top secret with 384-bit keys.[3]

While the RSA patent expired in 2000, there may be patents in force covering certain aspects of ECC technology, though some (including RSA Laboratories[4] and Daniel J. Bernstein[5]) argue that the Federal elliptic curve digital signature standard (ECDSA; NIST FIPS 186-3) and certain practical ECC-based key exchange schemes (including ECDH) can be implemented without infringing them.

Link:
Elliptic curve cryptography - Wikipedia, the free encyclopedia

Quantum cryptography describes the use of quantum mechanical effects (in particular quantum communication and quantum computation) to perform cryptographic tasks or to break cryptographic systems.

Well-known examples of quantum cryptography are the use of quantum communication to exchange a key securely (quantum key distribution) and the hypothetical use of quantum computers that would allow the breaking of various popular public-key encryption and signature schemes (e.g., RSA and ElGamal).

The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication (see below for examples). For example, quantum mechanics guarantees that measuring quantum data disturbs that data; this can be used to detect eavesdropping in quantum key distribution.

Quantum cryptography was proposed first by Stephen Wiesner, then at Columbia University in New York, who, in the early 1970s, introduced the concept of quantum conjugate coding. His seminal paper titled "Conjugate Coding" was rejected by IEEE Information Theory but was eventually published in 1983 in SIGACT News (15:1 pp.7888, 1983). In this paper he showed how to store or transmit two messages by encoding them in two "conjugate observables", such as linear and circular polarization of light, so that either, but not both, of which may be received and decoded. He illustrated his idea with a design of unforgeable bank notes. In 1984, building upon this work, Charles H. Bennett, of the IBM Thomas J. Watson Research Center, and Gilles Brassard, of the Universit de Montral, proposed a method for secure communication based on Wiesners "conjugate observables", which is now called BB84.[1] In 1990 Artur Ekert developed a different approach to quantum key distribution based on peculiar quantum correlations known as quantum entanglement.[2]

Random rotations of the polarization by both parties (usually called Alice and Bob) have been proposed in Kak's three-stage quantum cryptography protocol.[3] In principle, this method can be used for continuous, unbreakable encryption of data if single photons are used.[4] The basic polarization rotation scheme has been implemented.[5]

The BB84 method is at the basis of quantum key distribution methods. Companies that manufacture quantum cryptography systems include MagiQ Technologies, Inc. of Boston, ID Quantique of Geneva, Switzerland, QuintessenceLabs (Canberra, Australia) and SeQureNet (Paris).

The most well known and developed application of quantum cryptography is quantum key distribution (QKD), which is the process of using quantum communication to establish a shared key between two parties without a third party (Eve) learning anything about that key, even if Eve can eavesdrop on all communication between Alice and Bob. This is achieved by Alice encoding the bits of the key as quantum data and sending them to Bob; if Eve tries to learn these bits, the messages will be disturbed and Alice and Bob will notice. The key is then typically used for encrypted communication using classical techniques. For instance, the exchanged key could be used as the seed of the same random number generator both by Alice and Bob.

The security of QKD can be proven mathematically without imposing any restrictions on the abilities of an eavesdropper, something not possible with classical key distribution. This is usually described as "unconditional security", although there are some minimal assumptions required including that the laws of quantum mechanics apply and that Alice and Bob are able to authenticate each other, i.e. Eve should not be able to impersonate Alice or Bob as otherwise a man-in-the-middle attack would be possible.

Following the discovery of quantum key distribution and its unconditional security, researchers tried to achieve other cryptographic tasks with unconditional security. One such task was commitment. A commitment scheme allows a party Alice to fix a certain value (to "commit") in such a way that Alice cannot change that value while at the same time ensuring that the recipient Bob cannot learn anything about that value until Alice decides to reveal it. Such commitment schemes are commonly used in cryptographic protocols. In the quantum setting, they would be particularly useful: Crpeau and Kilian showed that from a commitment and a quantum channel, one can construct an unconditionally secure protocol for performing so-called oblivious transfer.[6]Oblivious transfer, on the other hand, had been shown by Kilian to allow implementation of almost any distributed computation in a secure way (so-called secure multi-party computation).[7] (Notice that here we are a bit imprecise: The results by Crpeau and Kilian[6] and Kilian[7] together do not directly imply that given a commitment and a quantum channel one can perform secure multi-party computation. This is because the results do not guarantee "composability", that is, when plugging them together, one might lose security. Later works showed, however, how composability can be ensured in this setting.)

Unfortunately, early quantum commitment protocols[8] were shown to be flawed. In fact, Mayers showed that (unconditionally secure) quantum commitment is impossible: a computationally unlimited attacker can break any quantum commitment protocol.[9]

Here is the original post:
Quantum cryptography - Wikipedia, the free encyclopedia

Portable PGP :: PGP Everywhere!

Portable PGP is a fully featured, lightweight, java based, open source PGP tool.

It allows to encrypt,decrypt,sign and verify text and files with a nice and absolutely straight graphical interface.

It's absolutely simple to use and provides everything you need to get started with PGP cryptography.

(Jun 2012) New version 1.0.7 released ! Works with Oracle Java 7, Windows 7 x64 and Ubuntu (x64) OpenJDK

Downloads

On the go USB-Stick version available ! After a long wait, the USB-Stick version of PortablePGP is ready. It's a simple zip file that you've to decompress on the root folder of your USB drive and allows to run PortablePGP on both Windows and Linux platforms without the need of installing it and without the need to have a Java virtual machine installed(a private JRE is bundled in)

Runs everywhere USB-Stick : Proceed to download

Otherwise, if you prefer to download and install it as a standard application

Fully automatic setup for Windows : PortablePGP-setup.exe

Continue reading here:
Portable PGP - SourceForge

Aurich Lawson / Thinkstock

For almost two decades, the open source GnuPG encryption project has teetered on the brink of insolvency. Now, following word of that plight, the lone developer keeping the project alive has received more than $135,000in a single day, no less.

Short for Gnu Privacy Guard, GnuPG or simply GPG was first conceived in 1997. It makes upthe guts that run GpG4Win, GPG Tools, and Enigmail, encryption programs that run on Windows, Macs, and as a plugin for the Thunderbird e-mail program respectively. An open source version of Phil Zimmermann's PGP, GnuPG quickly surged in popularity. Because it was written by a German citizen outside the US, it wasn't subject to then-draconian US laws restricting the export of strong cryptography technologies. Former NSA whistleblower Edward Snowden relied on the program to evade monitoring as he carried out his massive leak of top-secret documents. Many journalists and security professionals also swear by it.

Despite the popularity of the program, Werner Koch has struggled to make ends meet. According to a profile published Thursday by ProPublica, the 53-year-old resident of Erkrath, Germany, grew so impatient with the lack of funding that he considered abandoning the project and taking a better paying programming job. When documents leaked in 2013 by Snowden showed the extent of NSA surveillance, he decided the time wasn't right to drop the project. He has been stuck in limbo ever since.

Things took a dramatic about-face following the ProPublica post. According to the GnuPG front page, the project brought in 120,000 (the equivalent of about $135,600) in donations in the first 24 hours following publication. That didn't include a 60,000 infusion that was recently donated from a group called the Core Infrastructure Initiative and payments of 50,000 each from Facebook and payment service Stripe.

The financial strain Koch has endured underscores a cruel irony that has only recently come to light. Developers of some of the most sensitive and mission-critical software often struggle to maintain their projects, while many who sell smartphone apps and other comparatively less crucial software are flush with cash. It wasn't until last year's surfacing of the catastrophic Heartbleed vulnerability in the OpenSSL crypto library that it became common knowledge the project had just one employee working full time and typically received just $2,000 per year in donations. In response, the Linux Foundation spearheaded the Core Infrastructure Initiative to fund OpenSSL and similar projects. The initiative gets financial support from the likes of HP, IBM, Red Hat, Intel, Oracle, Google, Cisco, and others.

It's encouraging to see the GnuPG project benefitting from similar largess. But it also raises the question: how is the money best spent? Matt Green, a professor specializing in cryptography at Johns Hopkins University, said he has looked at the GnuPG source code and found it in such rough shape that he regularly assigns chunks of it to his students for review.

"At the end I ask how they felt about it and they all basically say: 'God, please I never want to do something like this again,'" Green told Ars.

The main problem with the code, he said, is it hasn't been properly maintained over the years.

"It's overly complex," he explained. "It's not maintained by enough people, given how big it is, and it contains a lot of old cruft that should be gotten rid of. When it got re-engineered from version 1 to version 2, version 2 got re-engineered in this abstract way [so] that it's hard to figure out what's going on on the back end."

See the original post:
Once starving GnuPG crypto project gets a windfall. Now comes the hard part