Elliptic Curve Cryptography

Ideas to everything that could be useful. Proposals and tips for JonDonym programming.
Post Reply
Posts: 188
Joined: Sat Aug 25, 2012 1:02

Elliptic Curve Cryptography

Post by sovereignpress » Mon Dec 30, 2013 20:40

There was some discussion a few years back on this forum about possibly implementing elliptic curve cryptography to replace RSA. We all know that RSA, which is based on factoring, is more easily liable to a brute force attack. The answer to counter this is increasing the key size. The problem with this, however, is that it can slow down the service.

ECC is the talk by everyone now because it offers (arguably) better security than RSA with faster processing. 512-bit ECC is equivalent to 256-bit key (symmetric), unlike RSA which requires over a 15000 key size to equal 256-bit key (symmetric).

My understanding is that the NSA recommends a 1:1 approach. Put differently, a 128-bit (symmetric) key should be protected by a 3072-bit (asymmetric) key.

This is all but impossible (in practice) with RSA and 256-bit symmetric encryption.

It would seem ECC is superior to RSA. However, with all the ado about ECC and it being pushed by the NSA, some have speculated (including Bruce Schneier) that the NSA "may" more easily break ECC (perhaps due to some arcane knowledge) and that is why it is being pushed (possibly).

With all its faults, RSA has been around forever and has been studied to death. ECC, on the other hand, has been much less analyzed.

Could ECC be a NSA trap? Does the answer lie in using very large keys--whether ECC or RSA?


Re: Elliptic Curve Cryptography

Post by cane » Tue Dec 31, 2013 11:23

Could ECC be a NSA trap?
The security ECC doesn't depend only on key size. It depends on parameters of the elliptic curves too.

Some NIST recommendation of curve parameters are suspected to be influenced by NSA.

But there are recommendations by independent crypto experts available too like "Curve25519" by Daniel J. Bernstein or "Edwards coordinates" by Harold M. Edwards (improved by Bernstein/Lange), well documented and secure.

In my opinion ECC can be a replacement for RSA, if large key size was required. The computational complexity of RSA increases with n^3 with increasing key size n. It is not useful to increase the key size for RSA without limits.


Re: Elliptic Curve Cryptography

Post by cane » Fri Jan 10, 2014 20:32

Choosing safe curves for elliptic-curve cryptography: http://safecurves.cr.yp.to/

Some parameter sets are safe, some parameter sets are broken.

By: Daniel J. Bernstein and Tanja Lange

Post Reply