Select Page

Elliptic Curve Cryptography is currently less popular than RSA cryptography. However, ECC provides a higher degree of protection. The algorithm used in RSA encryption is directly as strong as the key length. The strength of the ECC cryptography is also related to the key length. But in contrast to RSA, ECC provides an exponential curve related to the key length. A commercial example of this software is made by Symantec.

Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the “elliptic curve discrete logarithm problem” (ECDLP). The security of elliptic curve cryptography depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. The size of the elliptic curve determines the difficulty of the problem. ~ Wikipedia

The U.S. National Institute of Standards and Technology (NIST) has endorsed elliptic curve cryptography in its Suite B set of recommended algorithms, specifically elliptic curve Diffie–Hellman (ECDH) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signature. The U.S. National Security Agency (NSA) allows their use for protecting information classified up to top secret with 384-bit keys. (“Fact Sheet NSA Suite B Cryptography”. U.S. National Security Agency. Archived from the original on 2009-02-07.) However, in August 2015, the NSA announced that it plans to replace Suite B with a new cipher suite due to concerns about quantum computing attacks on ECC. (“Information Assurance”. www.nsa.gov.)

## Below is a more indepth look at ECC.

While it is not necessary to understand the algorithms and math involved, this video will help explain why the NSA feels this is a very secure method of encryption.