Understanding ECC in 5 Minutes
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 2.00 out of 5)
Loading...

Understanding ECC in 5 Minutes

A brief look at what ECC is, what it does, and why it’s the future

Start your clocks

Elliptic Curve Cryptography – abbreviated as ECC – is a mathematical method that can be used in SSL. It’s been around for quite a while – over 10 years already – but remains a mystery to most people. That’s because ECC is incredibly complex and remained unsupported by most client and server software, until recently.

I won’t be getting into the math behind ECC or what exactly it does to encrypt—that’s another post for another time. Instead I will be  giving a very general introduction to ECC so you can have a good sense of what it is and why it’s important.

Don’t worry, this will only take a few minutes.

What is ECC?

ECC is a mathematical method that can be used for all sorts of stuff – creating encryption keys, providing secure digital signatures, and more. When it comes to ECC’s use with SSL certificates – it’s a very flexible tool.

There are quite a few cryptographic functions going on with SSL Certificates and the SSL protocol: every SSL certificate has a “key pair” and a “hash,” and every SSL connection involves authentication and key exchange. ECC can be used for any (or all) of these four functions.

What does that mean, in plain language? It means that ECC can be the cryptographic “underpinning” of your SSL certificate in a variety of ways. While you would not necessarily know the difference between an SSL certificate using ECC compared to a certificate using another method, using ECC often translates to significantly improved performance.

The other methods that can be used as your cryptographic “underpinning” are RSA and DSA (RSA is named after its inventors: Rivest, Shamir, and Adleman. DSA stands for “Digital Security Algorithm” and was developed by and for the US government). You may have heard of RSA before; It is by far the most used method and is currently considered the industry standard.

The difference between these methods is largely technical (the ways in which they perform calculations). Truly understanding HOW these methods work is mostly reserved to cryptographers and mathematicians. But anyone with a basic familiarity with computers can understand the benefits to each.

Speedy and Secure

As computers become more powerful, encryption technology needs to continue to advance in order to keep data secure. “Bits of security” is a measure of security strength based on how much work a computer needs to do to break the encryption. Breaking encryption refers to a computer’s ability to figure out an encryption key and decode the messages. Computers do this by literally guessing and trying millions of possible combinations of bits. How long this takes depends on how much processing power you dedicate to breaking a key. For an everyday desktop computer, breaking an industry-standard key would take longer than the number of years that the Earth has existed.  For an organization like the NSA that has a huge amount of resources, it would still take more than a decade.[1]

How many “bits of security” an algorithm or cryptosystem provides depends on a lot of factors – and it’s not a 1:1 situation. The most popular type of key in use with SSL certificates are 2048-bit RSA keys. While those keys are 2048-bits they only provide 112 “bits of security”.

If you double an RSA key in size to you do not double its strength. In fact, a 100% increase in key size isn’t even giving you a 20% increase in strength.[2] That’s quite inefficient.

One of the attractive features of ECC is that it can achieve equivalent “bits of security” to RSA/DSA with much smaller keys – we are talking 90% smaller keys.[3]

Smaller keys translate to improved performance. Keys are used in the “SSL Handshake” – which is the process that establishes an SSL connection. The handshake must occur before the user’s browser can display a website (assuming that site is using SSL), so you want that handshake to happen as quickly as possible.

As we mentioned above, RSA does not scale well. And as RSA keys get larger, the performance gap with smaller ECC keys grows. Seriously – once RSA keys reach 3072-bits and larger, ECC performs more than 100% faster.

Depending on how much security strength you need to provide, or how complex or performant your website/service needs to be, you might see performance benefits in using ECC today. Many larger sites – including Facebook and Cloudflare – are already using ECC because of the performance benefits that come at their scale. But you don’t need to be a digital behemoth to benefit from ECC. Anyone can see savings of a few hundred milliseconds (or more) with ECC technology.

Using ECC

But despite the benefits of ECC, it is currently only used by a small number of sites.

Recent data shows RSA is still the most widely used by a wide margin –more than 90% of SSL certificates use RSA keys (only 4% of certificates used ECC keys).[4] RSA has been the go-to cryptosystem since the inception of SSL, making it the most widely-supported option out there.

Most sites aren’t using ECC yet because server and client software has been slow to support it, and not every Certificate Authority (CA) is currently capable of providing SSL certificates that use ECC keys.

But don’t let that deter you! ECC is gaining popularity and support every day. Getting started with ECC can be as easy as updating your server configuration (no need to spend any money or get a new certificate). If that is something that interests you, start by looking to see if your server OS supports “ECDHE” or “ECDSA” (and if so, see Mozilla’s TLS configuration generator to get configuration settings that use ECC).

The current industry standard is to use a 2048-bit RSA key. These keys will probably be considered secure for at least 10 more years.[5] But when it can be demonstrated that those keys can be easily broken, the SSL industry will need to pick a new standard. As RSA performance degrades with larger key sizes, we may see ECC take its place sooner rather than later.

[1] “Table 1.2. Security levels and equivalent strength in bits, adapted from ECRYPT2 (2012)” as it appears in Bulletproof SSL and TLS, pg. 17.

[2] A 4096-bit RSA key only yields about 135 bits of security (estimated from ECRYPT2 Recommendations).

[3] “NST Special Publication 800-57: Recommendation for Key Management – Part 1: General, Revision 3” (as it appears in Bulletproof SSL and TLS, p.18)

[4] Recent data from Mozilla’s TLS Observatory. Of 1,585,701 observed certificates, 1,524,233 of them used 2048-bit or larger RSA keys. 60,486 used ECDSA keys. Source: https://twitter.com/jvehent/status/729048439686877184

[5] https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/ and “Table 1.2. Security levels and equivalent strength in bits, adapted from ECRYPT2 (2012)” as it appears in Bulletproof SSL and TLS, pg. 17.