Talking Security with Mr. Cryptography

History of Encryption and Computer Disk Encryption Security Software: Sun's Whitfield Diffie on ECC and Solaris 10 OS security Whitfield Diffie was the first to show how public key cryptography could be used by people who had no prior knowledge of each other to communicate securely. Diffie is now Chief Security Officer at Sun. Sun Inner Circle met with Diffie to learn about Sun's vision of the future of information security.

---

Sun's Whitfield Diffie on ECC and Solaris 10 OS security

In a groundbreaking 1976 paper on public-key cryptography, Whitfield Diffie famously illustrated how people with no prior knowledge of each other could use a shared public key and private secret key to enable a secure communications. Now as chief security officer at Sun Microsystems, Diffie is responsible for ensuring that Sun remains on the forefront of security innovation. Sun Inner Circle recently caught up with Diffie to discuss how Sun sees the future of information security and encryption.

Inner Circle (IC): It's been nearly 30 years since the 1976 Diffie-Hellman paper ushered in the age of public-key cryptography. What's the impact of the paper today?

DIFFIE: It's like having 15 minutes of fame: I did one good hour of work in 1976 and I've been making a living off of it ever since. The impact of the paper has been very gratifying. With SSL in every browser, public-key encryption is the most widely deployed cryptographic technology of all time.

It's also gratifying to have achieved some goals that are broader than the technology. I was one of the founders of the Association for Cryptologic Research, which now has more than 1,000 members and plays a role in putting on more than a dozen conferences a year. I just came back from Crypto 2006 in Santa Barbara, which had 500 attendees. The first Crypto conference was in the same location in 1981. It was the first public research conference on cryptography that I can recall and it had about 50 attendees.

One of my goals was unification of the techniques used to protect government information with those used to protect commercial information. It always seemed silly to think that a secret document required more protection than a billion dollar funds transfer. Well, it's finally begun to happen. Last year, the National Security Agency announced a new suite of cryptographic algorithms authorized to protect all levels of classified information. All of them are public and most of them are public standards. They call it Suite B. (Suite A is a collection of secret algorithms with colorful names like "Juniper" and "Mayfly.")

The centerpiece of Suite B is the Advanced Encryption Standard, a cryptographic algorithm designed in Belgium and selected by the U.S., in an international contest, to be its national standard. The key management part of Suite B is second-generation public-key cryptography. It's called elliptic curve cryptography, or ECC