What is Eliptic Curve Cryptography (ECC)?
The history and benefits of ECC certificates
The constant back and forth between hackers and security researchers, coupled with advances in cheap computing power, requires the ongoing evaluation of acceptable encryption algorithms and standards.
RSA is currently the industry standard for public key encryption and is used in the majority of SSL / TLS certificates.
A popular alternative first proposed in 1985 by two independent researchers (Neal Koblitz and Victor S. Miller), elliptic curve cryptography, who use a different formal encryption approach. While RSA is based on the difficulty of factoring large integers, ECC relies on recognizing the discrete logarithm of a random elliptic curve.
In other words, ECC assumes that while it is possible to calculate a point multiplication, conversely, it is almost impossible to calculate the multiplicand only with the original and product points. The difficulty can increase dramatically with the size of the elliptical curve.
Below are some of the benefits of using ECC certificates.
Small ECC keys have the same strength as larger RSA keys due to the algorithm used to generate them. For example, a 256-bit ECC key corresponds to a 3072-bit RSA key and a 521-bit ECC key corresponds to a 15,360-bit RSA key! With these strong, small keys, the encryption of the computing power remains ahead without simply having to create longer keys.
Smaller certificate size
Due to the smaller key size for an ECC certificate, less data is transferred from the server to the client during the SSL handshake. ECC certificates also require less CPU and memory, which increases network performance and potentially has a major impact on high volume or high traffic websites.
Is ECC Right for You?
While ECC has some advantages, there are some disadvantages that you should consider before switching to ECC. Most importantly, not all browsers and servers support ECC certificates. Support on mobile platforms has not been thoroughly tested. Another problem is that while ECC signature verification is faster, verifying the ECC signature can be a computationally intensive task and may be slower than RSA on some devices.
To have a more in-depth discussion about ECC or to decide if it's right for you, contact us .
How do I get an ECC certificate from Secorio?
If you have chosen an ECC certificate, you can simply order one from Secorio by creating an ECC CSR (Certificate Signing Request) for your order.
The following are instructions for creating an ECC-CSR for common operating systems.
- Microsoft server: Create ECC CSR and install the ECC SSL certificate
- Apache: Create ECC CSR and install the ECC SSL certificate -> Available on request.