LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is Elliptic-Curve Cryptography (ECC) and what is its main advantage over RSA?

ECC does Diffie-Hellman-style key exchange (and signatures) on the group of points of an elliptic curve, rather than in Z*_p. The hard problem is the discrete log on elliptic curves (ECDLP) — which appears much harder per bit than ordinary discrete log, giving equivalent security at far smaller key sizes.

An elliptic curve has the form y² = x³ + a·x + b (with non-singularity condition 4a³ + 27b² ≠ 0). The set of points on the curve, plus a "point at infinity," forms a mathematical group. You can define point "addition" by drawing lines and intersecting — but the group operation is rich enough that "scalar multiplication" (adding a point to itself k times) is easy but recovering k is hard.

Why smaller keys? The best-known attack on ECDLP scales as O(√n), which is much worse per bit than the GNFS on plain factoring (sub-exponential). So a 256-bit elliptic curve key has roughly the same security strength as a 3072-bit RSA key.

Key size comparison:

Security level RSA / DH key ECC key Symmetric key
80 bits 1024 160 80
128 bits 3072 256 128
192 bits 7680 384 192
256 bits 15,360 512 256

Consequences:

  • Smaller keys & certs → less bandwidth, less storage.
  • Faster signature and key-exchange operations on the same hardware.
  • Smaller signatures — important for low-bandwidth IoT.
  • TLS 1.3 makes ECDHE the default and the only key-exchange option.

Popular curves: P-256 (NIST), Curve25519 (Bernstein, used in WireGuard/Signal), secp256k1 (used by Bitcoin).

Tip: When designing a new system in 2024, prefer ECC over RSA unless you have a specific reason (legacy interop, FIPS compliance). Use Curve25519/Ed25519 unless your environment requires the NIST curves.

From Quiz: ISF / Asymmetric Cryptography | Updated: Jul 14, 2026