The first shots in what may escalate into a full-blown battle over encryption technology were fired this week, with the dominant vendor, RSA Data Security, defending its turf against an upstart rival technology, Elliptic Curve Crypto (ECC).
ECC technology may come from many different vendors, and major players in the electronic-commerce market are looking at its potential.
"We expect someone to be able to break the encryption now in Secure Electronic Transaction [SET] pretty soon," said Steve Mott, senior vice president for electronic commerce at MasterCard International, this week at the Internet Commerce Expo in Atlanta. "When that happens, we hope to be able to incorporate what they can tell us."
The SET 1.0 standard, a specification of which is due for release June 1, will incorporate RSA encryption. RSA is the industry standard and has enjoyed a near-unchallenged position in the encryption technology market, according to one expert.
"Keep in mind, RSA has had almost a monopoly in cryptography, and ECC appears to be, if not the first, at least a viable potential challenger," says Victor Wheatman, an industry analyst at the Santa Clara, California, offices of the Gartner Group.
Elliptic curve cryptography could offer smaller, more widely applicable technology, because it generates smaller keys for encrypting or decrypting data, according to Wheatman.
"ECC is tighter, meaner, and leaner, and allows you to do cryptography in dumber, processor-challenged environments," Wheatman says.
RSA, king of the encryption hill, has been quick to defend its technology.
"It's RSA's opinion that elliptic curve has not been studied enough to protect multimillion dollar businesses or encrypt credit card transactions," says Gary Kinghorn, director of marketing at RSA. Kinghorn argues that RSA's proven capabilities make it the choice for encryption today.
"Elliptic curve may turn out to be great, and it is certainly worth studying," Kinghorn says. "But no one, or very few people, have studied elliptic curve problems as closely as they have studied problems with RSA." Kinghorn says RSA also counted an ECC development kit among its product offerings.
IBM officials said they would watch the development of ECC closely, even as they announced support for RSA technology.
"We just became aware in the past few weeks that elliptic curve modernised encryption," said Scott Dueweke, marketing manager for the Electronic Payments and Certification sector of IBM's Internet Division. "We will be looking at it in the future."
Apple Computer executives said the acquisition of Next and its ECC technology meant the company was seeking partners for it.