INNOVATOR PROFILES THE INTERVIEWS IN THEIR OWN WORDS NETSEMINARS GREAT MINDS AT CES SPONSORS ABOUT GMGI HOME

By Scott Vanstone
Founder and Executive Vice President of Strategic Technology
Certicom Corp.

I distinctly remember my introduction to elliptic curve cryptography.


Dr. Victor Miller, who was a researcher at IBM's Thomas Watson Research Lab at the time, presented a paper on it at Crypto '85, the largest cryptography conference in the world. There were about 300 researchers in the room, none of whom had heard of elliptic curve cryptography before the talk. I came out of the lecture thinking, "If ECC is secure, it is technologically superior to anything out there." I learned later that I was one of just a few individuals from that meeting to realize the significance of this technology and the first to set out to convince the world of its merits.

Meanwhile, I concentrated on building a career in mathematics, earning an undergraduate degree, a master's and PhD in mathematics, followed by research and teaching as professor of mathematics and computer science at St. Jerome's University at the University of Waterloo (Ontario). My approach was methodical, building on each step-similar to my approach to commercializing the disruptive cryptosystem, ECC.

To determine whether ECC was secure, I initiated an intensive research project at the University of Waterloo. Working with a research team that later became part of the Centre for Applied Cryptographic Research at UW, we carefully evaluated the strengths of this new cryptographic scheme and determined that indeed this was the way of the future. If strong security was ever going to be part of the wireless world, ECC had to be the technology that would do it. Of course, if it works in the wireless world, it works everywhere.

By 1993, I was convinced of ECC's security and set out to evangelize the merits of this relatively new public-key technology, which had the potential to replace legacy cryptosystems such as RSA. That same year, I was asked by the chief scientist at RSA to edit the ECC section of IEEE P1363. It was early times for the fledgling technology, but one that I believed in wholeheartedly. It took six years and countless meetings before I saw ECC become a major standard.

Indeed, one of my biggest challenges was getting ECC standardized. I knew people wouldn't use cryptography unless it had been scrutinized by standards organizations and stamped with their seal of approval. Today, ECC is in every major standard in the world, but it has been a long, slow process.

Almost 20 years after ECC was first introduced to the mathematical world, I experienced one of the greatest highlights of my career. The only event to equal it was my 1998 election as a Fellow of the Royal Society of Canada, Academy of Sciences.

The National Security Agency, the largest employer of mathematicians in the United States, recommended that ECC technologies be used to protect classified as well as sensitive but unclassified government communications. In particular, the NSA named ECMQV as the algorithm of choice for key exchange. The acronym stands for Elliptic Curve Menezes-Qu-Vanstone, for the three researchers who created this algorithm-Alfred Menezes and Minqua Qu, two of my former PhD students-and me.

My next challenge is to change the way organizations think about security; to move them from viewing it as an afterthought. In my opinion, if you design security in from day one, you will be a lot better off.