Elliptic Curve Cryptography (ECC) is lighter, faster and more secure than RSA
For a while now the RSA public key cryptosystem has been the standard in the SSL/TLS industry. But RSA’s days are numbered. Everyone should be moving towards Elliptic Curve Cryptography for SSL/TLS and most other PKI functions, too.
That’s because ECC offers myriad benefits.
- It’s more secure
- It requires less CPU resources
- It scales better
- It offers better privacy
Granted, not all CAs offer ECC-capable SSL/TLS certificates, and there are still a handful of popular servers and platforms that have yet to add support. But the industry is moving away from RSA, and ECC will soon become the new standard.
ECC is more Secure
Elliptic Curve Cryptography is based on mapping points on an elliptic curve. It sounds complex, but it’s really not once you see it in action. Two points on a given elliptic curve are combined, the third point they determine is reflected across the x-axis, and the process repeats until sufficient entropy has been achieved.
Because of the nature of the cryptography, ECC has a distinct advantage over its RSA counterpart: it’s not as vulnerable to quantum computing. Owing to the massive processing power of quantum computers – which will be viable in the next decade – the method behind RSA, prime factorization, will be rendered fairly ineffective early on. ECC will not be invulnerable to quantum computing, but it will be harder to break, and there are elliptic curve-based post-quantum cryptosystems in development as we speak.
ECC requires less CPU resources
There’s a reason that many enterprises decide to load balance and shift SSL/TLS functions to an edge device to free up resources on their application servers: RSA is expensive. The keys are massive, almost unwieldy. The current standard is 2048-bit, though some go as high as 4096-bit. That taxes a server, especially at scale, where you’re performing thousands of handshakes at a time and then encrypting and decrypting data from each connection.
ECC doesn’t have this problem: its keys are substantially smaller, which in turn is less taxing on servers. The ECC equivalent of a standard 2048-bit RSA key would be 224-bit, a little more than 1/10th the size of its RSA counterpart. That means less overhead during handshakes, which means a faster website and a better user experience.
ECC Scales Better
We’ve already discussed how resource-hungry RSA is as a cryptosystem, and that’s not going to get any better as encryption standards become more stringent and more hardness is demanded from private keys. A big part of the problem is that as RSA key sizes increase, the improvement in security is not commensurate with the growth of the key. A 4096-bit key doesn’t provide double the security of a 2048-bit one. As keys grow increasingly larger, the gains made in security continue to decline, and the server will continue to be taxed more and more.
ECC doesn’t share this problem: its keys are smaller, and as they grow bigger the security increases, too. As stronger encryption becomes mandated, using RSA is going to become prohibitive, which is why making the switch now will put you ahead in the long run.
ECC offers perfect forward secrecy
RSA key exchange should not be used anymore. It faces known vulnerabilities and, again, it’s resource hungry. It also doesn’t allow for Perfect Forward Secrecy – which should be considered best practice at this point. So, what is Perfect Forward Secrecy? It adds another layer of privacy by protecting the integrity of session keys, even in the event the private key was compromised.
When a handshake occurs at the outset of an HTTPS connection, the public key encrypts a shared secret that is decrypted by the private key and used to generate the symmetric session keys that will facilitate communication. You don’t actually use the public/private key pair to communicate, those are just for authentication and exchanging session keys.
With RSA, unless it’s really jury-rigged, you can decrypt the session keys if you crack the private key. RSA safeguards against that by using large private keys, but that ends up being a double-edged sword because, as we just discussed, RSA uses a lot of resources. That more or less prohibits the use of ephemeral keys – session keys that are regularly switched out. All of the decryption associated with those key exchanges only uses up more resources.
ECC on the other hand can handle the use of ephemeral keys and provides perfect forward secrecy, which protects individual connections even if the private key gets cracked.
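The point addition described under "ECC is more Secure" and the ephemeral key exchange described above, worked through as an added example that is not part of the original article: a toy curve over GF(17) with constructed parameters (nothing like the size of a real TLS curve, but the same arithmetic), the chord/tangent rule with reflection across the x-axis, double-and-add scalar multiplication, and one ECDHE session in which both sides derive the same shared point from throwaway keys.

```python
"""Toy elliptic curve arithmetic and an ephemeral ECDH exchange.
Constructed textbook-size parameters: y^2 = x^3 + 2x + 2 over GF(17),
generator G = (5, 1) of prime order 19. Not a real TLS curve."""
import secrets

P, A, B = 17, 2, 2      # field prime and curve coefficients a, b
G = (5, 1)              # generator point
N = 19                  # order of G: N * G is the point at infinity


def ec_add(p1, p2):
    """Add two affine points; None is the point at infinity (the identity).
    The line through the inputs meets the curve at a third point, which is
    reflected across the x-axis to give the sum."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 != y2 or y1 == 0):
        return None  # p1 == -p2: the vertical line meets the curve at infinity
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P   # the reflection across the x-axis
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication: easy to compute, hard to invert."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Fresh random private scalar in [1, N-1] and its public point."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def ecdh_session():
    """One ECDHE session. Each side multiplies the other's public point by its
    own ephemeral scalar; both land on a*b*G. The scalars are dropped on return,
    so a later compromise of a long-term key cannot recover this session."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    return ec_mul(a_priv, b_pub), ec_mul(b_priv, a_pub)
```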
Should I switch to ECC?
Before you make a change to an Elliptic Curve-based cryptosystem you’ll need to check on a few things. All of the major browsers support ECC – provided they’re up to date – so you wouldn’t have to worry about your website breaking for users. Most servers support ECC, too. The problem is certain control panels have yet to add support (shame on them). If you have direct access to your servers then switching should be no problem at all. If not, contact your hosting provider and check whether ECC is an option – and if not when it will be.
How do I get an ECC SSL Certificate?
Simple. Just follow the same procedures you would normally follow when ordering an SSL certificate from CheapSSLsecurity.com. If the SSL certificate supports it, simply select the option and then provide the CA with an ECC Certificate Signing Request. This can be generated on any server with ECC support.
Granted, not every certificate offers ECC, so you’ll need to choose a product with full ECC support. We recommend:
| ECC SSL Certificates | List price/year | Discounted price/year |
| --- | --- | --- |
| Symantec Secure Site Pro | $995.00 | $543.56 |
| Symantec Secure Site Pro with EV | $1499.00 | $779.19 |
Elliptic Curve Cryptography is set to become the backbone of SSL/TLS over the next several years. It’s only hamstrung by slow adoption on the part of platforms and servers. But that will change soon and you don’t want to be left behind when it does.