Elliptic Curve Cryptography

Notes on Motivations for use of Elliptic Curve Cryptography from National Security Agency/Central Security Service Web Site

The two noteworthy first generation public key algorithms used to secure the Internet today are known as RSA and Diffie-Hellman (DH). The security of the first is based on the difficulty of factoring the product of two large primes. The second is related to a problem known as the discrete logarithm problem for finite groups. Both are based on the use of elementary number theory. Interestingly, the security of the two schemes, though formulated differently, is closely related.


Elliptic curve cryptography has remained at its full strength since it was first presented in 1985.



The length of a key, in bits, for a conventional encryption algorithm is a common measure of security. Attacking an algorithm with a k-bit key generally requires roughly 2^(k-1) operations. Hence, to secure a public key system one would generally want to use parameters that require at least 2^(k-1) operations to attack. The following table gives the key sizes recommended by the National Institute of Standards and Technology to protect keys used in conventional encryption algorithms like the Data Encryption Standard (DES) and Advanced Encryption Standard (AES), together with the key sizes for RSA, Diffie-Hellman and elliptic curves that are needed to provide equivalent security.

Symmetric Key Size (bits) | RSA and Diffie-Hellman Key Size (bits) | Elliptic Curve Key Size (bits)
80  | 1024  | 160
112 | 2048  | 224
128 | 3072  | 256
192 | 7680  | 384
256 | 15360 | 521
Table 1: NIST Recommended Key Sizes

To use RSA or Diffie-Hellman to protect 128-bit AES keys one should use 3072-bit parameters: three times the size in use throughout the Internet today. The equivalent key size for elliptic curves is only 256 bits.

One can see that as symmetric key sizes increase the required key sizes for RSA and Diffie-Hellman increase at a much faster rate than the required key sizes for elliptic curve cryptosystems.
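
The growth rates behind Table 1 can be reproduced numerically. The following is an added example, not part of the original notes: it assumes the heuristic number field sieve cost estimate for RSA and Diffie-Hellman moduli (constants 1.923 and 4.69, as used in NIST guidance) and the generic square-root attack cost for elliptic curves, neither of which is stated on the page. The function names are chosen for this example.

```python
import math

# Table 1 from the page: symmetric bits -> (RSA/DH modulus bits, EC key bits)
NIST_TABLE = {80: (1024, 160), 112: (2048, 224), 128: (3072, 256),
              192: (7680, 384), 256: (15360, 521)}

def ffc_strength(modulus_bits):
    """Estimated security bits of an RSA/DH modulus against the number field sieve.

    Assumption: heuristic cost exp(1.923 * (ln n)^(1/3) * (ln ln n)^(2/3)),
    minus a 4.69 calibration offset, converted from nats to bits.
    """
    ln_n = modulus_bits * math.log(2)
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)

def ec_strength(key_bits):
    """Generic square-root attacks (Pollard rho) cost about 2^(bits/2)."""
    return key_bits / 2

def modulus_for(strength_bits):
    """Smallest modulus size whose estimated strength reaches the target (bisection)."""
    lo, hi = 512, 1 << 17
    while lo < hi:
        mid = (lo + hi) // 2
        if ffc_strength(mid) >= strength_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo

def compare():
    """One row per table entry: target, RSA bits, RSA estimate, EC bits, EC estimate, size ratio."""
    rows = []
    for sym, (rsa, ec) in sorted(NIST_TABLE.items()):
        rows.append((sym, rsa, round(ffc_strength(rsa), 1),
                     ec, ec_strength(ec), round(rsa / ec, 1)))
    return rows

if __name__ == "__main__":
    print("sym  rsa/dh  est.   ec   est.   rsa:ec")
    for sym, rsa, rsa_est, ec, ec_est, ratio in compare():
        print(f"{sym:3d}  {rsa:6d}  {rsa_est:5.1f}  {ec:3d}  {ec_est:5.1f}  {ratio:5.1f}")
```

The estimates land within a few bits of the table's symmetric-equivalent column, and the last column shows the RSA-to-EC size ratio widening as the target strength rises.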