Elliptic Curve Cryptography

About ECC

Elliptic Curve Cryptography (ECC) is a public-key cryptography method based on the algebraic structure of elliptic curves over finite fields.

There are three key types of algorithms that are formally recognized and used for digital certificates: RSA, DSA and ECC.

Of the three major types of algorithms, ECC-based signatures are the most efficient. The security of ECC systems is based on the elliptic curve discrete logarithm problem, rather than the integer factorization problem. This difference allows ECC systems to start out smaller and scale more efficiently as the bit size of the matching symmetric key increases. This means that significantly smaller parameters can be used in ECC than in RSA and DSA to obtain the same level of security. Thus, ECC-based solutions are ideally suited for M2M environments.

M2M Requires Small Key Sizes

Within the ECC family of algorithms, the certificate schemes are best suited for M2M applications, where memory and bandwidth are most constrained. It conserves memory by using significantly smaller key sizes than any other public-key scheme. The verifier uses the TrustPoint root certificate to extract the public key and verify the signature.

Comparison of ECC vs. RSA/DSA

Table 1: Size comparison between ECC and RSA public key and certificates.

| Security Level | ECC Public Key Size (bits) | RSA Public Key Size (bits) | Ratio ECC/RSA public keys | ECC Cert Size (bits) | RSA Cert Size (bits) | Ratio ECC/RSA certificates |
|---|---|---|---|---|---|---|
| 80 | 192 | 1024 | 5x smaller | 193 | 2048 | 10x smaller |
| 112 | 224 | 2048 | 9x smaller | 225 | 4096 | 18x smaller |
| 128* | 256 | 3072 | 12x smaller | 257 | 6144 | 23x smaller |
| 192 | 384 | 7680 | 20x smaller | 385 | 15360 | 39x smaller |
| 256 | 521 | 15360 | 29x smaller | 522 | 30720 | 57x smaller |

The above table shows that ECC key sizes for the same level of security are much smaller than the key sizes for RSA. For example, let’s briefly look at the row that is labelled with an *. A security level equivalent to searching all 128-bit vectors is what commercial implementations currently use. Achieving this level of security requires an elliptic curve with 256 bits. Moving to the RSA column, one can see by comparison that achieving the equivalent security would require a 3072-bit RSA implementation.
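The scaling behind Table 1 can be reproduced numerically; the following is an added example, not code from the original page or from TrustPoint. It assumes the general-number-field-sieve cost estimate in the form used by NIST's FIPS 140-2 Implementation Guidance (constants 1.923 and 4.69) for RSA and the generic 2^(n/2) cost for the elliptic curve discrete logarithm; all function names are hypothetical, and the estimates are approximate, so they land near the table's rounded levels rather than exactly on them.

```python
import math

# Constructed from the page's Table 1: (security level, ECC bits, RSA bits).
TABLE_1 = [(80, 192, 1024), (112, 224, 2048), (128, 256, 3072),
           (192, 384, 7680), (256, 521, 15360)]

def rsa_strength_bits(modulus_bits):
    """Estimate RSA strength from the sub-exponential GNFS factoring cost."""
    ln_n = modulus_bits * math.log(2)            # ln of an L-bit modulus
    ln_work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return ln_work / math.log(2)                 # convert ln(work) to bits

def ecc_strength_bits(curve_bits):
    """Best generic ECDLP attacks take about 2^(n/2) group operations."""
    return curve_bits / 2

def rsa_bits_for(strength):
    """Smallest modulus size whose estimate reaches `strength` (bisection)."""
    lo, hi = 256, 65536                          # estimate is increasing here
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= strength:
            hi = mid
        else:
            lo = mid
    return hi

def ecc_bits_for(strength):
    """Generic minimum curve size; standard curves (192, 521) round up."""
    return 2 * strength

def size_ratio(strength):
    """How many times larger the RSA modulus is than the ECC key."""
    return rsa_bits_for(strength) / ecc_bits_for(strength)

def report():
    lines = []
    for level, ecc, rsa in TABLE_1:
        lines.append(
            f"level {level:>3}: ECC-{ecc} ~ {ecc_strength_bits(ecc):5.1f} bits, "
            f"RSA-{rsa} ~ {rsa_strength_bits(rsa):5.1f} bits, "
            f"RSA/ECC size ratio at this level ~ {size_ratio(level):4.1f}x")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

The ratio column grows with the security level because each extra bit of security costs two bits of curve size but a steadily increasing number of RSA modulus bits.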

Advantages of Elliptic Curve Cryptography

The advantages that can be gained from smaller parameters include:

Advantages are especially important in environments where at least one of the following resources is limited:

Therefore, ECC and TrustPoint’s specific deployment of certificates are especially well-suited for the constrained environments found in M2M.