Cryptography Reference
In-Depth Information
Chapter 9
Elliptic Curve Cryptosystems
Elliptic Curve Cryptography (ECC) is the newest member of the three families of
established public-key algorithms of practical relevance introduced in Sect. 6.2.3.
However, ECC has been around since the mid-1980s.
ECC provides the same level of security as RSA or discrete logarithm systems
with considerably shorter operands (approximately 160-256 bit vs. 1024-3072 bit).
ECC is based on the generalized discrete logarithm problem, and thus DL-protocols
such as the Diffie-Hellman key exchange can also be realized using elliptic curves.
In many cases, ECC has performance advantages (fewer computations) and band-
width advantages (shorter signatures and keys) over RSA and Discrete Logarithm
(DL) schemes. However, RSA operations which involve short public keys as intro-
duced in Sect. 7.5.1 are still much faster than ECC operations.
The mathematics of elliptic curves are considerably more involved than those
of RSA and DL schemes. Some topics, e.g., counting points on elliptic curves, go
far beyond the scope of this topic. Thus, the focus of this chapter is to explain the
basics of ECC in a clear fashion without too much mathematical overhead, so that
the reader gains an understanding of the most important functions of cryptosystems
based on elliptic curves.
In this chapter, you will learn:
The basic pros and cons of ECC vs. RSA and DL schemes.
What an elliptic curve is and how to compute with it.
How to build a DL problem with an elliptic curve.
Protocols that can be realized with elliptic curves.
Current security estimations of cryptosystems based on elliptic curves.
9.1 How to Compute with Elliptic Curves
We start by giving a short introduction to the mathematical concept of elliptic
curves, independent of their cryptographic applications. ECC is based on the gener-
alized discrete logarithm problem. Hence, what we try to do first is to find a cyclic
