13 Public-Key Cryptosystems: Elliptic Curve Cryptography

13.1 Introduction

13.1.1 What Is Elliptic Curve Cryptography?

First, note that elliptic curves (EC) have nothing to do with ellipses. Elliptic-curve cryptography (ECC) is a high-performance alternative to RSA for asymmetric algorithms. Elliptic-curve cryptography algorithms entered wide use in 2004. After a slow start, elliptic-curve-based algorithms are gaining popularity, and the pace of adoption is accelerating. EC cryptosystems have been adopted by Amazon, Google, and many others to secure communications with their customers.

As shown in Table 13.1 (from RFC 5349 [1]), EC cryptosystems amply outperform RSA-based cryptosystems. The table compares the level of security (i.e., resistance to attacks) of symmetric, ECC, and RSA systems as a function of key length. We can conclude, at least, that: i) with a key size of 2L bits, ECC provides a level of security comparable to that of symmetric systems with a key size of L bits, without the need to share the same secret key, as symmetric systems require; and ii) ECC with keys of less than 255 bits provides a security level comparable to that of RSA-2048 (i.e., RSA with the key size currently in use). RSA-2048 requires eight times as many bits as ECC with a comparable security level. Even more significantly, RSA-512 requires 30 times as many bits as ECC with a comparable security level.

Table 13.1 Comparable key sizes (in bits).

Symmetric   ECC        RSA
80          160–223
112         224–255 ...
128
192
256
