# elliptical curve cryptography (ECC)

## Disk Encryption and File Encryption

### Looking for something else?

Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. The technology can be used in conjunction with most public key encryption methods, such as RSA, and Diffie-Hellman. According to some researchers, ECC can yield a level of security with a 164-bit key that other systems require a 1,024-bit key to achieve. Because ECC helps to establish equivalent security with lower computing power and battery resource usage, it is becoming widely used for mobile applications. ECC was developed by Certicom, a mobile e-business security provider, and was recently licensed by Hifn, a manufacturer of integrated circuitry (IC) and network security products. RSA has been developing its own version of ECC. Many manufacturers, including 3COM, Cylink, Motorola, Pitney Bowes, Siemens, TRW, and VeriFone have included support for ECC in their products.

The properties and functions of elliptic curves have been studied in mathematics for 150 years. Their use within cryptography was first proposed in 1985, (separately) by Neal Koblitz from the University of Washington, and Victor Miller at IBM. An elliptic curve is not an ellipse (oval shape), but is represented as a looping line intersecting two axes (lines on a graph used to indicate the position of a point). ECC is based on properties of a particular type of equation created from the mathematical group (a set of values for which operations can be performed on any two members of the group to produce a third member) derived from points where the line intersects the axes. Multiplying a point on the curve by a number will produce another point on the curve, but it is very difficult to find what number was used, even if you know the original point and the result. Equations based on elliptic curves have a characteristic that is very valuable for cryptography purposes: they are relatively easy to perform, and extremely difficult to reverse.

The industry still has some reservations about the use of elliptic curves. Nigel Smart, a Hewlett Packard researcher, discovered a flaw in which certain curves are extremely vulnerable. However, Philip Deck of Certicom says that, while there are curves that are vulnerable, those implementing ECC would have to know which curves could not be used. He believes that ECC offers a unique potential as a technology that could be implemented worldwide and across all devices. According to Deck (quoted in Wired), "the only way you can achieve that is with elliptic curve."

This was first published in September 2005

## Content

Find more PRO+ content and other member only offers, here.

Oldest

## SearchCloudSecurity

• ### Lack of secure APIs can create IaaS risks

IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an ...

• ### Microsoft-Adallom deal poised to impact cloud security gateway market

Microsoft reportedly agreed to acquire cloud security startup Adallon for \$320 million, which analysts say could spark major ...

• ### Keep credentials safe despite insecure mobile cloud backup services

A recent study revealed app developers that use mobile cloud backup services put user credentials at risk. Expert Rob Shapland ...

## SearchNetworking

• ### Big data impact on network operations probed in study

Big data is big news, but it's also influencing networking pros' capacity planning, according to an Enterprise Management ...

• ### Overcoming the challenges of wiring farm networks

The sound of mooing and the smell of diesel fuel are just part of what makes wiring a farm for networking a special experience.

## SearchCIO

• ### Windows 10 Enterprise: No apologies necessary

Microsoft's Windows 10 Enterprise makes Windows 8 seem like a distant memory. But should CIOs wait or take the bait? Also in ...

• ### AI technology: Is the genie (or genius) out of the bottle?

Artificial intelligence has come a long way since SearchCIO columnist Harvey Koeppel studied with some of the discipline's ...

• ### Free IT strategy plan templates and examples for CIOs

How do organizations gain a competitive edge in today's rapidly evolving tech landscape? With a solid IT strategy plan to guide ...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

• ### Windows 10 guide for IT administrators

Windows 10 boasts of bevy of features, including Contiuum, Universal Windows apps, Cortana and improved security. Before you ...

• ### Why you should remove local administrator rights once and for all

Some companies shy away from removing local admin rights just to make users happy, but taking back users' admin privileges can ...

• ### Putting the Windows 10 Action Center to work

The Windows 10 Action Center is a carryover from Windows Phone that puts all your notifications in one place. It also makes ...

## SearchCloudComputing

• ### Taking a multivendor approach to an OpenStack project

Enterprises building an OpenStack private cloud often rely on a managed service provider for implementation. But sometimes, a ...

• ### HP Helion gets a boost from PaaS acquisition

HP has one more Cloud Foundry PaaS offering following an acquisition that may help the company get into more hybrid cloud ...

• ### Rackspace, Intel launch OpenStack training center

Enterprises are interested in OpenStack, but can't find enough IT pros with open source cloud expertise. Rackspace and Intel hope...

## ComputerWeekly

• ### Interview: CCS director Sarah Hurrell on improving government technology purchasing

The government's procurement agency has plenty of critics, but its technology lead insists that IT and digital purchasing is ...

• ### British Gas to invest £500m in connected homes business

Energy provider aims to build on success of its Hive smart thermostat and roll-out of smartmeters

• ### Commercial software more secure than open source, finds report

A study has found that commercial code is more compliant than open source code with security compliance standards, such as the ...

Close