An interesting article from LWN about Elliptic Curve Cryptography and Open Source.
ECC is based on some very deep math involving elliptic curves in a finite field. It relies on the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP) in much the same way that RSA depends on the difficulty of factoring the product of two large primes. The best known method for solving ECDLP is fully exponential, whereas the number field sieve (for factoring) is sub-exponential. This allows ECC to use drastically smaller keys to provide the equivalent security; a 160-bit ECC key is equivalent to a 1024-bit RSA key.
As always, though, there are the problems of patents...
The wild card in the ECC patent arena seems to be Certicom which claims a large number of ECC patents and has not made a clear statement of its intentions with regard to open source implementations. The NSA licensed Certicom’s patents for $25 million to allow them and their suppliers to use ECC, lending some credence to at least some of the Certicom patents. Other companies also have patents on various pieces of ECC technology.
Be interesting to see what happens...
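The asymmetry the quoted passage relies on, as an added example that is not from the LWN article or this post: on a toy curve, computing k·G takes a few doublings, while recovering k from k·G means walking the group. The curve parameters, base point and function names are assumptions constructed for illustration and are far too small to be secure.

```python
# Toy curve (constructed): y^2 = x^3 + 2x + 3 over F_97.
# Real ECC uses primes of 160 bits or more; generic attacks there cost
# roughly sqrt(group order) operations, not the full walk shown here.
P, A, B = 97, 2, 3
G = (3, 6)   # base point: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)
O = None     # point at infinity, the group identity

def add(p1, p2):
    """Add two curve points with the chord-and-tangent rule."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                                   # p2 is the inverse of p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P   # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P          # chord slope
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def scalar_mult(k, point):
    """Compute k*point by double-and-add: about log2(k) group operations."""
    result = O
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def point_order(point):
    """Smallest n > 0 with n*point == O, found by walking the subgroup."""
    n, q = 1, point
    while q is not O:
        q = add(q, point)
        n += 1
    return n

def solve_ecdlp(point, target):
    """Recover k with target == k*point by exhaustive search (up to n steps)."""
    q = O
    for k in range(point_order(point)):
        if q == target:
            return k
        q = add(q, point)
    return None   # target is not a multiple of point
```
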
Maths isn’t my subject but one idea that occurs to me is trajectory calculation in a three-dimensional space with “gravitational” forces. For example, set up a “solar system” (either static or with “planets” in motion) and try and calculate where an inbound comet ends up. Very slight differences in parameters could produce vastly different trajectories and end points, resulting in a problem whose solution is mathematically calculable but virtually unguessable (except for sender and receiver, who share the same system model and critical information about the “comet”, i.e. incoming message). Maybe this characteristic could provide very strong encryption. On the other hand, the computing power needed could well prove prohibitive.