Article from the Web Centre

Rohit Khare (
Thu, 30 Sep 1999 17:33 -0400

Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

This e-mail has been sent to you by Rohit Khare( fr=
om the Web Centre.

Message: For the record, the whole piece follows...

The Globe and Mail, Thursday, September 30, 1999

Math wizards accept dare, crack top-secret code

By Simon Tuck

Ottawa -- An international team of 195 math wizards has cracked an ultracom=
plex computer code -- the most challenging breach to date -- winning an 18-=
month-old dare and $5,000 (U.S.) from a Canadian software security company.

The team, led by 27-year-old Irish mathematician Robert Harley of the Paris=
-based National Institute for Research in Computer Science, spent 40 days l=
ooking for clues to crack the cumbersome and secret code as computers all o=
ver the world churned through an almost limitless string of mathematical po=

The global math project, the result of a challenge by Certicom Corp., of Mi=
ssissauga, Ont., involved 740 high-powered computers from countries as far =
apart as Finland, Australia and Canada that together ran more than 130,000 =
billion computations.

The volunteers in the team are from 20 countries, including Austria, Britai=
n, the United States and Australia.=20

Experts say the math challenge is more about a battle between competing=
security technologies and poses no threat to privacy for popular Internet-=
based uses such as E-mail or on-line shopping. "It doesn't affect practical=
uses," said Paul Van Oorschot, vice-president at electronic security speci=
alist Entrust Technologies Inc. and the co-author of a report that helped t=
he global team find the solution.

Sensitive materials such as E-mail and E-commerce orders -- which usually r=
equire credit-card numbers -- are almost always backed up by security codes=
of at least 160 bits. The massive global team took more than five weeks to=
crack the 97-bit code.

But in the end, participants say, there was no great breakthrough in solvin=
g the problem, just countless hours of crunching numbers. The volunteers ca=
lculated more than one hundred thousand billion points on an elliptic curve=
-- the basis for the company's security technology -- to filter out and id=
entify 127,492 "distinguished" points. From there they calculated which two=
identified points matched.

"It was just a case of trying enough combinations," said Rohit Khare, a 24-=
year-old doctoral student at the University of California at Irvine and a k=
ey code-crackers.

Mr. Khare, Mr. Harley and many of the others involved in the challenge work=
for 4K Associates, a global alliance of Internet experts and electronic se=
curity issues. Four-fifths of the $5,000 winner's prize is being donated to=
the Free Software Foundation, an organization that promotes free software.

The backdrop to the exercise is the battle between two competing technologi=
es -- one based on elliptic-curve algorithms, the other on factoring intege=
rs -- over which security systems will set the standard for electronic comm=
erce and other Internet-based practices that require high-grade safety.

RSA, the technology based on factoring integers, is the industry's leader, =
but a key patent based on that technology is set to expire in September, 20=
00, and open the door for more competition.

Certicom uses its elliptic-curve technology for a variety of small electron=
ic devices such as smart cards, pagers, hand-held computers and wireless te=
lephones. The company said yesterday it expects to issue even harder challe=
nges in the future, but considers this one a great success because it prove=
d their technology is tougher to crack than most experts believed.

"The most important thing for crypto systems is for people to understand ho=
w difficult they are," said Philip Deck, Certicom's chairman and chief exec=
utive officer.

Copyright 1999 The Globe and Mail

Visit the Web Centre for your competitive edge.

- News:
- Books:
- Careers:
- Mutual Funds:
- Stocks:
- ROB Magazine:
- Technology: