WHAT IS ECC AND WHY WOULD I WANT TO USE IT?
SSL certificates most commonly use RSA keys, and the recommended size of these keys keeps increasing (e.g., from 1024-bit to 2048-bit a few years ago) to maintain sufficient cryptographic strength. An alternative to RSA is ECC. Both key types are asymmetric algorithms (one key for encrypting and one key for decrypting). However, ECC can offer the same level of cryptographic strength at much smaller key sizes, which means improved security with reduced computational requirements.
WHAT IS ECC?
ECC stands for Elliptic Curve Cryptography, and is an approach to public key cryptography based on elliptic curves over finite fields.
HOW DOES ECC COMPARE TO RSA?
The biggest differentiator between ECC and RSA is key size compared to cryptographic strength.
SYMMETRIC KEY SIZE (BIT) | RSA AND DIFFIE-HELLMAN KEY SIZE (BIT) | ELLIPTIC CURVE KEY SIZE (BIT)
As you can see in the chart above, ECC is able to provide the same cryptographic strength as an RSA-based system with much smaller key sizes. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key (which is 50% longer than the 2048-bit keys commonly used today). The latest, most secure symmetric algorithms used by TLS (e.g., AES) use at least 128-bit keys, so it makes sense that the asymmetric keys provide at least this level of security.
WHY WOULD I WANT TO USE ECC?
The small key sizes make ECC very appealing for devices with limited storage or processing power, which are becoming increasingly common in the IoT. In terms of more traditional web server use cases, the smaller key sizes can offer speedier SSL handshakes (which can translate to faster page load times) and stronger security.
HOW CAN I START USING ECC?
TRUSTZONE offers ECC for all our SSL certificates. If you want more information on how to use ECC, read more here. If you’re interested in ordering an ECC SSL certificate, you need only generate an ECC CSR and paste that into your order. For more information about how to generate an ECC CSR, click here.
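
One way to generate and check an ECC CSR with the OpenSSL command line, and to see the size difference against the 3072-bit RSA key mentioned above. This is an added example, not TRUSTZONE's own instructions; the choice of the P-256 curve (prime256v1), the hostname www.example.com and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Requires the openssl CLI.
set -eu

# make_ecc_csr DIR CN: write a P-256 private key and a CSR for CN into DIR.
make_ecc_csr() {
    (
        umask 077   # keep the private key unreadable to other users
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecc.key"
    )
    openssl req -new -key "$1/ecc.key" -sha256 -subj "/CN=$2" -out "$1/ecc.csr"
}

# csr_key_bits CSR: print the public-key size the CSR declares, in bits.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_signature_ok CSR: succeed only if the CSR's self-signature verifies,
# i.e. it was signed by the private key matching the public key it carries.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# pubkey_der_bytes KEY: size of the DER-encoded public key of a private key.
pubkey_der_bytes() {
    openssl pkey -in "$1" -pubout -outform DER | wc -c | tr -d ' '
}

main() {
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    make_ecc_csr "$work" "www.example.com"                # constructed hostname
    openssl genrsa -out "$work/rsa.key" 3072 2>/dev/null  # RSA key for comparison
    echo "CSR key size:        $(csr_key_bits "$work/ecc.csr") bit"
    csr_signature_ok "$work/ecc.csr" && echo "CSR self-signature:  OK"
    echo "P-256 public key:    $(pubkey_der_bytes "$work/ecc.key") bytes (DER)"
    echo "RSA-3072 public key: $(pubkey_der_bytes "$work/rsa.key") bytes (DER)"
    cat "$work/ecc.csr"   # this PEM block is what gets pasted into the order
}

main "$@"
```

Only the CSR is submitted with the order; the private key file stays on the server that will use the certificate.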