Elliptic curve cryptography
What Is Elliptic Curve Cryptography?
Elliptic curve cryptography (ECC) is a form of public-key cryptography whose security rests on the difficulty of the elliptic curve discrete logarithm problem (ECDLP): given two points P and Q on an elliptic curve over a finite field, determining the integer k such that Q = kP is computationally infeasible for sufficiently large keys. This hardness assumption allows ECC to deliver security equivalent to older public-key systems at substantially smaller key sizes, reducing computational cost and bandwidth for both key generation and exchange. A 256-bit ECC key provides roughly the same security margin as a 3072-bit RSA key.
The theoretical basis for ECC was laid independently by Neal Koblitz and Victor Miller in 1985, each recognizing that elliptic curves defined over finite fields supported group operations amenable to discrete-logarithm-based cryptographic constructions. The approach entered formal standards through IEEE P1363 (2000) and through the NIST digital signature and key-exchange publications, which together shaped its deployment across internet security protocols.
Mathematical Foundations
An elliptic curve over a finite field is defined by a Weierstrass equation of the form y² = x³ + ax + b, where the discriminant 4a³ + 27b² is nonzero to ensure the curve is smooth. The set of points satisfying this equation, together with a point at infinity, forms an abelian group under a geometric addition rule: the sum of two points P and Q is determined by drawing the line through them, finding the third intersection with the curve, and reflecting that point across the x-axis. Scalar multiplication, repeated application of this addition, is efficient in the forward direction but appears hard to reverse, which is the ECDLP. The choice of curve parameters, including the prime p defining the field, the coefficients a and b, and the base point G with its order n, directly governs security.
Key Operations and Security
ECC supports the same cryptographic primitives as RSA and Diffie-Hellman: digital signatures, key agreement, and public-key encryption. The Elliptic Curve Digital Signature Algorithm (ECDSA) and the related EdDSA scheme over Curve25519 are the most widely deployed signature algorithms. ECDH (Elliptic Curve Diffie-Hellman) provides forward-secret key agreement in TLS and related protocols. NIST published FIPS 186-5 and SP 800-186 in February 2023, standardizing the recommended curves and retirement of older ones, reflecting fifteen years of scrutiny of the original FIPS 186-4 parameter set. The security of any ECC deployment depends critically on selecting a curve with no known structural weaknesses, a concern addressed by the SafeCurves project at cr.yp.to, which evaluates published curves against a uniform set of security criteria.
Protocol Applications
ECC is the dominant public-key algorithm in constrained-resource environments where RSA key sizes would impose unacceptable overhead. TLS 1.3, which became the mandatory version under RFC 8446, specifies ECDHE key exchange as the primary forward-secrecy mechanism. Mobile device authentication, smart card systems, and the Secure Shell (SSH) protocol all rely on ECC for its combination of security strength and low computational cost. Blockchain systems, including Bitcoin and Ethereum, use ECDSA over the secp256k1 curve to authorize transactions. Research on elliptic curve cryptography implementation in practice, as reviewed by Bernstein and colleagues, has catalogued real-world deployment failures and highlighted the implementation pitfalls that can undermine theoretically sound parameters.
Applications
Elliptic curve cryptography has applications in a wide range of disciplines, including:
- Transport Layer Security (TLS), as the basis for ECDHE key exchange in secure web communications
- Mobile and embedded security, where small key sizes reduce power and latency constraints
- Digital identity and smart cards, using ECDSA for authentication tokens
- Blockchain and cryptocurrency, for transaction signing and address generation
- Internet of Things devices, where ECC replaces RSA in firmware update and telemetry signing