RSA relies on factoring numbers. This is "sub-exponentially" hard, meaning you need huge keys to stay safe. ECC relies on the "Discrete Logarithm Problem" on elliptic curves, which is exponentially hard. This allows for tiny keys that are incredibly efficient for mobile phones and IoT devices.
The Curve
An elliptic curve is defined by the equation: \( y^2 = x^3 + ax + b \). For cryptography the coordinates are taken modulo a large prime \( p \), so the "curve" is a finite set of points rather than a smooth line.
Key Property: If you draw a line through two points on the curve (A and B), it intersects the curve at a third point. Reflect that point over the X-axis, and you get \( A + B \). When A and B are the same point, the tangent line at A is used instead, which gives \( A + A = 2A \).
1. Point Multiplication (The Trapdoor)
In ECC, we define "multiplication" as adding a point \( P \) to itself \( k \) times.
\( Q = k \cdot P = \underbrace{P + P + \cdots + P}_{k \text{ times}} \)
Public Key: \( Q \) (The final point) and the Curve params.
Private Key: \( k \) (The number of times we added).
The Security: Even if you know the starting point \( P \) and the ending point \( Q \), it is computationally infeasible to calculate \( k \). It's like mixing paint. You see the final color (Purple), but you can't determine exactly how many drops of Red and Blue went into it.
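To make the asymmetry concrete, here is an added worked example (not part of the original notes) on a constructed toy curve \( y^2 = x^3 + 2x + 2 \) over \( \mathbb{F}_{17} \) with generator \( G = (5, 1) \) of order 19. It implements the chord-and-tangent addition above, computes \( Q = k \cdot G \) by double-and-add, and then recovers \( k \) by brute force, which only works because the group has 19 points instead of roughly \( 2^{256} \).

```python
# Added example: toy curve y^2 = x^3 + 2x + 2 over F_17 (constructed parameters).
# Real curves use a ~256-bit prime; the group here has only 19 points.
P_MOD, A, B = 17, 2, 2
G = (5, 1)          # generator point (on the curve: 1 == 125 + 10 + 2 mod 17)
ORDER = 19          # number of distinct multiples of G before wrapping to infinity
INF = None          # the point at infinity, the group identity

def point_add(p1, p2):
    """Chord-and-tangent rule: draw the line, take the third hit, reflect over x."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                          # P + (-P): vertical line
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # tangent line at P
    else:
        slope = (y2 - y1) * pow(x2 - x1, -1, P_MOD)         # chord through P and Q
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, pt):
    """Q = k * pt via double-and-add: about log2(k) group operations (easy direction)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def brute_force_dlog(q, base=G):
    """Recover k with k * base == q by stepping through every multiple (hard direction)."""
    # Costs ORDER steps: fine for 19 points, hopeless near 2^256.
    acc = INF
    for k in range(ORDER):
        if acc == q:
            return k
        acc = point_add(acc, base)
    return None

if __name__ == "__main__":
    priv = 7                       # private key k
    pub = scalar_mult(priv, G)     # public key Q = (0, 6)
    print("Q =", pub, "recovered k =", brute_force_dlog(pub))
```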
2. Standard Curves
You don't make your own curve. You use standard ones.
- secp256k1: Used by Bitcoin. (A Koblitz curve).
- prime256v1 (P-256): NIST standard. Used in TLS/HTTPS.
- Curve25519: The modern favorite. Fast and safe. Used in Signal, WireGuard, and SSH.
3. ECC vs RSA
| Security Level | RSA Key Size | ECC Key Size |
|---|---|---|
| 80 bits (Weak) | 1024 bits | 160 bits |
| 128 bits (Standard) | 3072 bits | 256 bits |
| 256 bits (Military) | 15360 bits | 512 bits |
A 15,360-bit RSA calculation is incredibly slow. A 512-bit ECC calculation is instant on a smartphone.
Implementation
ECC is tricky. You must generate the per-signature random value (the nonce, e.g., in ECDSA) correctly: it has to be unique and unpredictable for every signature. If you reuse a nonce, your private key is leaked instantly (this happened to the Sony PS3).