Elliptical curve cryptography is a method of encoding data files so that only specific individuals can decode them. ECC is based on the mathematics of elliptic curves and uses the location of points on an elliptic curve to encrypt and decrypt information. ECC affords efficient implementation of wireless security features, such as secure electronic mail and Web browsing but has some disadvantages when compared with other cryptography techniques.
Victor Miller of IBM and Neal Koblitz of the University of Washington first proposed ECC, independently, in the mid 1980s. ECC is not a new technology and has proven its security by withstanding a generation of attacks. In recent years, as the wireless industry has grown, ECC has been adopted by numerous companies as an innovative security technology. ECC has been standardized by the American National Standards Institute, the National Institute of Standards and Technology and the Federal Information Processing Standard.
ECC employs a relatively short encryption key -- a value that must be fed into the encryption algorithm to decode an encrypted message. This short key is faster and requires less computing power than other first-generation encryption public key algorithms. For example, a 160-bit ECC encryption key provides the same security as a 1024-bit RSA encryption key and can be up to 15 times faster, depending on the platform on which it is implemented. RSA is a first-generation public-key cryptography technique invented by Ronald Rivest, Adi Shamir and Leonard Adleman in the late 70s. Both RSA and ECC are in widespread use. The advantages of ECC over RSA are particularly important in wireless devices, where computing power, memory and battery life are limited.
One of the main disadvantages of ECC is that it increases the size of the encrypted message significantly more than RSA encryption. Furthermore, the ECC algorithm is more complex and more difficult to implement than RSA, which increases the likelihood of implementation errors, thereby reducing the security of the algorithm.
Public Versus Private Key Cryptography
ECC is a form of public key cryptography, in which one encryption key, known as a private key, is kept secret, while another, known as a public key, is freely distributed. Public key cryptography is computationally more expensive than private key encryption, which employs a single, shared encryption key. In wireless devices, public key encryption can shorten the lifetime of batteries or of the devices themselves.