
Elliptic Curve Cryptography

What is Elliptic Curve Cryptography?

Elliptic Curve Cryptography (ECC) is a public-key algorithm based on elliptic curves defined over a finite field. ECC works by creating a public key and a private key on an elliptic curve. The public key is shared with others, while the private key is kept secret. Encryption and decryption are performed using these keys, and only the intended recipient can decrypt the message using their private key.

ECC is an encryption algorithm that provides greater security with shorter key lengths, which makes it compatible with devices with lower amounts of computational power, such as smartphones. Elliptic curves are the underlying backbone of ECC, as ECC algorithms can use different underlying elliptic curves to prioritize cryptographic strength, speed, and key length. ECC relies on some of the geometrical properties of the elliptic curve, such as horizontal symmetry and the fact that a straight line crossing the elliptic curve will intersect it at no more than 3 points. ECC provides several different groups of algorithms based on their use cases, defined over an elliptic curve over finite fields. Features of ECC¹ include:

  • Digital signatures. ECC provides algorithms for digital signatures, such as the Elliptic Curve Digital Signature Algorithm (ECDSA) and EdDSA.
  • Encryption. ECC provides algorithms for encrypting messages, namely ECIES and EEECC.
  • Key agreement. ECC provides algorithms like ECDH and FHMQV for key agreement.

Advantages of ECC include:

Shorter key lengths. ECC provides a greater level of security with a shorter key size. The energy required to break a 3072-length key generated by the RSA encryption method is the same as the amount of energy that would be required to break a 256-length key generated by ECC. This demonstrates that the 256-length key generated by ECC is as cryptographically strong as the 3072-length one generated by RSA encryption.

Less computational power. With the shorter key size, it is computationally less expensive to encrypt and decrypt the data.

Fast key generation. The key generation process is relatively simple and computationally less expensive since it involves securely generating a random integer within a specified range. This makes ECC key generation extremely fast compared to the RSA encryption algorithm.

Fast signatures. ECC uses the ECDSA, which is extremely fast at generating the digital signature, as it involves the simple step of multiplying a point on the curve.

Smaller certificate size. With the smaller key size of an ECC certificate, less data is transmitted from the server to the client during the SSL handshake². ECC certificates also require less CPU and memory, increasing network performance and making a potentially large difference on high-volume or high-traffic sites.

1 Zubair, 2023, “What is elliptic curve cryptography?”

2 Digicert, 2023, “What is Elliptic Curve Cryptography?”