Saturday, November 3, 2012

ECC - Elliptic Curve Cryptography

Security is an interesting domain: a recent episode of the SecurityNow podcast about elliptic curve cryptography triggered me to dive a bit deeper into the topic.

Contrary to shared secret security, public key cryptograph is based on a public key and private key/secret.
The public and private key are related through some mathematical algorithm whereby it is impossible to derive the private key from encrypted content or the public key itself.  The most popular mechanism - RSA - is based on the difficulty to factor prime numbers.

  • RSA: based on difficulty of factorisation
  • DSA: based on difficulty of discrete log for integers modulo a prime
  • ECC (based on difficulty of discrete log for discrete ECC system

Tried to get my head around the math behind the Elliptic Curve Cryptography but it went just too deep.  Even the basic underlying mechanisms of point addition, point doubling and point multiplication went too far.

With RSA, key size need to become pretty long: 512 bits is broken as recently proven.  A key length of 1024 bits is still considered acceptable, but 2048 is becoming the default key length for RSA.  In case of ECC, key lengths can be much shorter: 200 bits is considered very strong.  These shorter key lengths have a very positive effect on performance, which is e.g. positive for mobile devices.

Use of ECC cryptography is still limited.  The world of PKI and certificates has standardized on RSA.  One use case of ECC is DNSCurve, a mechanism to secure DNS.  DNS is not connection oriented but based on the UDP protocol.  Efficient crypto is therefore very relevant.  OpenDNS has adopted DNSCurve and thus ECC cryptography.

No comments: