FAQ Hero
Cryptography

What is Elliptic
Curve Cryptography?

What is Elliptic Curve Cryptography (ECC)?

Elliptic Curve Cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields. It is assumed that discovering the discrete logarithm of a random elliptic curve element in connection to a publicly known base point is impractical.

The use of elliptic curves in cryptography was suggested by both Neal Koblitz and Victor S. Miller independently in 1985; ECC algorithms entered common use in 2004. The advantage of the ECC algorithm over RSA is that the key can be smaller, resulting in improved speed and security. The disadvantage lies in the fact that not all services and applications are interoperable with ECC-based TLS/SSL certificates.

The history and benefits of ECC certificates

The constant back and forth between hackers and security researchers, coupled with advancements in cheap computational power, results in the need for continued evaluation of acceptable encryption algorithms and standards. RSA is currently the industry standard for public-key cryptography and is used in the majority of TLS/SSL certificates. A popular alternative, first proposed in 1985 by two researchers working independently—Neal Koblitz and Victor S. Miller—Elliptic Curve Cryptography uses a different formulaic approach to encryption. While RSA is based on the difficulty of factoring large integers, ECC relies on discovering the discrete logarithm of a random elliptic curve. In other words, ECC works on the assumption that while it is possible to compute a point multiplication, it is conversely almost impossible to compute the multiplicand given only the original and product points. The difficulty can be dramatically ramped up with the size of the elliptic curve.

Key benefits

Below are a few of the benefits to using ECC Certificates

Stronger keys

Small ECC keys have the equivalent strength of larger RSA keys because of the algorithm used to generate them. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key and a 384-bit ECC key is equivalent to a 7680-bit RSA key. These strong, small keys allow encryption to stay ahead of computing power without having to simply create longer keys.

Smaller certificate size

Because of the smaller key size with an ECC certificate, less data is transmitted from the server to the client during the SSL handshake. ECC certificates also requires less CPU and memory, increasing network performance and making a potentially large difference on high-volume or high-traffic sites.

Is ECC right for you?

While ECC has some benefits, there are also major drawbacks that you should consider before moving to ECC. Most importantly, not all browsers and servers support ECC certificates and support in mobile platforms has not been thoroughly tested. Another concern is that while ECC is faster overall, the ECC signature verification can be a computationally intensive task and may be slower than RSA on some devices. To have a more in-depth discussion on ECC or for help deciding if it is right for you, contact our support team.