Asymmetric Encryption is also known as Public Key Encryption. Instead of using one secret key for both encryption and decryption, as with symmetric encryption, users have a private and a public key, which are linked together mathematically. Public keys can be distributed to anyone, but private keys must be kept private; otherwise, anyone who has access to someone’s private key can read their encrypted messages. As a result of this decoupling of private and public keys, Alice can encrypt a message for Bob with Bob’s public key. The message can only be decrypted with Bob’s private key. Ultimately, this means that no one other than Bob can decrypt the message.
Asymmetric encryption solves the principal problem of symmetric encryption. With symmetric encryption, it is difficult to get the secret key to the other party without an adversary intercepting the key and decrypting the message. In contrast, asymmetric encryption allows everybody to share their public key with each other and allows encrypted messages to be sent easily and confidently. Without the user’s private key, no one can read the encrypted messages. Ultimately, attackers intercepting the cipher text would have no possibility, without the private key, to decrypt the message.
Elliptic Curve Cryptography is a public key encryption technique. It is based on elliptic curve theory.
Elliptic curve theory and RSA encryption
RSA is the acronym for “Rivest–Shamir–Adleman,” composing “the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978.” (8) Like RSA, Elliptic Curve Cryptography (ECC) is used to derive the public key in asymmetric encryption. ECC is based on the idea that it is straightforward to compute a value B from a value A, but a lot harder to calculate A from B. RSA, in contrast, takes two prime numbers and multiplies these together. This computation is very easy; any calculator can execute it. But if someone wants to factor the resulting large number back into its two primes, it is virtually impossible. This is known as a trapdoor function. In comparison to RSA, the elliptic curve is more secure.
RSA would need a 3072-bit key to achieve the same security that ECC achieves with a 256-bit key. A bit is either 0 or 1 and is the smallest unit of data in a computer. Computers usually communicate in bytes, which are meaningful collections of bits. An ECC key requires fewer bits, yet users receive the same level of protection as with RSA. “The European Union Agency for Network and Information Security (ENISA) recommends for RSA the length of n 3072 Bits for the medium term, 15,360 Bits for long-term security. For ECC for the greatest prime divisor of the group order 160 Bit for medium-term and 512 Bit for long-term security.” (3)
ECC is based on the property that the curve is symmetric around the x-axis. Any straight line drawn through the curve will intersect the curve at no more than three points.
To obtain the first dot ‘R,’ the user can take the first three dots ‘P’, ‘Q’ and ‘-R.’ Because the curve is symmetric, the line and the dots can be mirrored around the x-axis. As a result, the user can draw a straight line, perpendicular to the x-axis, through ‘-R.’ This line will intersect the graph at R. Afterwards, ‘P’ has to be connected with ‘R’; this is called dotting ‘P’ to ‘R,’ and the connecting line intersects the graph once more. The dot between P and R can be called ‘S.’ Again, the user can mirror ‘S’ on the positive side of the graph. This intersection point can be called ‘-S.’ Dotting ‘P’ to ‘-S’ would result in another point. This process can be continued n number of times, each time generating a new value.
To keep the values within a predefined range, users would set a max value parallel to the x-axis. The primary value is usually the key size. If the max is larger, the graph would be larger and the generated values would be within a greater interval.
Ultimately, the private key is the number of times the curve is dotted with itself.
The benefit of Elliptic Curve Cryptography is that even if the function and the graph, as well as the maximum, are public, it is challenging to find n, the number of times the graph has been dotted to arrive at the final point.
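The dotting procedure described above, worked through as an added example that is not part of the original article. It uses arithmetic modulo a prime (the "max value" of the text) instead of the drawn graph, and the toy curve y^2 = x^3 + 2x + 2 mod 17, the base point (5, 1) and all function names are assumptions chosen for illustration.

```python
# Added illustration: toy textbook curve, NOT a secure parameter set.
P_MOD, A, B = 17, 2, 2      # y^2 = x^3 + 2x + 2 over the integers mod 17
G = (5, 1)                  # assumed base point; it generates a group of 19 points
INFINITY = None             # identity element ("point at infinity")


def on_curve(pt):
    """True if pt satisfies the curve equation modulo P_MOD."""
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p, q):
    """One 'dotting' step: line through p and q, third intersection, mirrored."""
    if p is INFINITY:
        return q
    if q is INFINITY:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INFINITY                      # vertical line: p and q are mirror images
    if p == q:                               # tangent slope when dotting a point with itself
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:                                    # chord slope through two distinct points
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)


def scalar_mult(n, pt):
    """Compute n*pt with double-and-add: about log2(n) steps, the easy direction."""
    result, addend = INFINITY, pt
    while n:
        if n & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        n >>= 1
    return result


def recover_n(public, base, limit=10**6):
    """Hard direction: no shortcut used here, just try n = 1, 2, 3, ... in turn."""
    acc = INFINITY
    for n in range(1, limit + 1):
        acc = add(acc, base)
        if acc == public:
            return n
    return None
```

Here `scalar_mult(13, G)` plays the role of the public key and 13 the private key; the search in `recover_n` finishes instantly only because the group has 19 points, whereas on a 256-bit curve the same loop is computationally infeasible.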
Some of the differences between ECC and RSA asymmetric encryption are that RSA requires a larger key pair to be as secure as ECC can be with a smaller key pair. ECC has less energy consumption. Therefore, it can be implemented on low power devices like mobile phones. Besides, it is more difficult to compute ECC encryption keys since the mathematical process is more advanced. To implement either encryption standard into a platform, developers must have a detailed understanding of its mathematics. A recurring problem is that developers implement existing code libraries of the given encryption standard without customising these to the application. This can introduce errors and reduce the security provided through the encryption. Because of the increased complexity associated with ECC, it is more difficult for developers to successfully implement it. Furthermore, the same elliptic curve can be reused several times to compute a private-public key pair, while not compromising on security. However, with RSA, the same prime numbers cannot generate different key pairs. “The only scientifically established advantage of RSA over Elliptic Curve Cryptography is that public key operations (e.g. signature verification, as opposed to signature generation) are faster with RSA.” (4)
Elliptic Curve Cryptography and RSA are used to generate a private-public key pair, whereby the public key can be freely accessible to anyone, and only the private key must be securely stored. All encryption standards have several advantages and downsides. Note that none of the encryption methods outlined so far are one hundred percent secure. A platform will choose to implement one or the other depending on its functionality and the goal of the encryption.