Definition

elliptical curve cryptography (ECC)

Contributor(s): Jonathan Burr

Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. The technology can be used in conjunction with most public key encryption methods, such as RSA, and Diffie-Hellman. According to some researchers, ECC can yield a level of security with a 164-bit key that other systems require a 1,024-bit key to achieve. Because ECC helps to establish equivalent security with lower computing power and battery resource usage, it is becoming widely used for mobile applications. ECC was developed by Certicom, a mobile e-business security provider, and was recently licensed by Hifn, a manufacturer of integrated circuitry (IC) and network security products. RSA has been developing its own version of ECC. Many manufacturers, including 3COM, Cylink, Motorola, Pitney Bowes, Siemens, TRW, and VeriFone have included support for ECC in their products.

The properties and functions of elliptic curves have been studied in mathematics for 150 years. Their use within cryptography was first proposed in 1985, (separately) by Neal Koblitz from the University of Washington, and Victor Miller at IBM. An elliptic curve is not an ellipse (oval shape), but is represented as a looping line intersecting two axes (lines on a graph used to indicate the position of a point). ECC is based on properties of a particular type of equation created from the mathematical group (a set of values for which operations can be performed on any two members of the group to produce a third member) derived from points where the line intersects the axes. Multiplying a point on the curve by a number will produce another point on the curve, but it is very difficult to find what number was used, even if you know the original point and the result. Equations based on elliptic curves have a characteristic that is very valuable for cryptography purposes: they are relatively easy to perform, and extremely difficult to reverse.

The industry still has some reservations about the use of elliptic curves. Nigel Smart, a Hewlett Packard researcher, discovered a flaw in which certain curves are extremely vulnerable. However, Philip Deck of Certicom says that, while there are curves that are vulnerable, those implementing ECC would have to know which curves could not be used. He believes that ECC offers a unique potential as a technology that could be implemented worldwide and across all devices. According to Deck (quoted in Wired), "the only way you can achieve that is with elliptic curve."

This was last updated in September 2005

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

SearchCloudSecurity

• How cloud access security brokers have evolved

Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these ...

• SQL injection attacks: How to defend your enterprise

SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at ...

• Cloud security lessons to learn from the Uber data breach

Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main ...

SearchNetworking

• Ruckus SmartZone to get IoT module

Ruckus plans to release a suite of technology for companies that want to support IoT devices on the WLAN. The suite includes an ...

• What are the top information security objectives for CISOs?

Bloggers delve into CISO information security objectives, Juniper's new product release and how self-sufficient networking teams ...

• Considerations for buying an application delivery controller

Before you buy an ADC device, learn which features you should look for and what questions you should ask prospective application ...

SearchCIO

• Cybersecurity's shortage of skills leaves IT projects vulnerable

A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and ...

• Relentless AI cyberattacks will require new protective measures

AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong ...

• Deep learning algorithms power startup's beauty database

Deep learning algorithms are changing how we drive cars and navigate outer space. What about saving our skin? Silicon Valley ...

SearchEnterpriseDesktop

• How to establish Windows 10 security baselines

IT should consider following Microsoft's Windows 10 security recommendations in the Security Compliance Toolkit to better protect...

• VMware Workspace One helps Western Digital organize 3,000 apps

The application portal in VMware Workspace One allowed IT to streamline app delivery, and the product's cloud-based model proved ...

• Three PC lifecycle management options IT should consider

IT pros can use PCs and laptops until they stop working, or they can set up a lifecycle management plan that retires them after a...

SearchCloudComputing

• Prepare and manage enterprise apps for an IaaS model

A growing number of businesses see the value in infrastructure as a service. But without careful app migration and management ...

• Multi-cloud management still a work in progress for IT teams

Multi-cloud deployments are a mixed bag, providing both business value and complex management challenges. Fortunately, a number ...

• Bare-metal cloud services lure legacy workloads off premises

For some enterprises, bare-metal services in the cloud act as a crucial steppingstone to an IaaS deployment, and providers, ...

ComputerWeekly.com

• GDPR is having positive impact on privacy profession, says IAPP

The EU’s new data protection rules are driving greater interest in the privacy profession, and provide an opportunity to develop ...

• More than a quarter of UK shoppers prepared for wearable contactless payments

Mastercard research shows a growing number of shoppers are prepared to make purchases with smartwatches, rings and bracelets

• Cloud DR: Key choices in cloud disaster recovery

Flexibility and low cost make the cloud well-suited to disaster recovery, but there is no one-size-fits-all route to cloud ...

Close