As part of our series on cryptography, below is a summary of the main differences between encryption methods:
- Hashing works one way and is an example of a trapdoor function; users can compute the hash of data of an unknown/large size h(m). To make the hash more secure, one can add a salt to the message; a salt is usually a random string. Generally, it is effortless to compute the hash, but it should be impossible to compute the data input from the known hash;
- In contrast, encryption is two way. If I have the private and the public key, it is relatively easy to encrypt the plaintext and decrypt the ciphertext;
- Elliptic Curve Cryptography (ECC) and RSA are both examples of asymmetric and public key encryption techniques;
- RSA is easier to break than ECC. It is easier to find the two prime numbers which compute the large prime number, and thus, the public key, than to find the pattern used within the elliptic curve. Resulting, ECC is more difficult to compute mathematically than RSA, but also more difficult for developers to implement;
- Because developers perceive RSA to be easier to implement, they often introduce errors in their implementation;
- “The European Union Agency for Network and Information Security (ENISA) recommends for RSA the length of 3072 Bits formedium term security and 15.360 Bits for long-term security.” (3) In contrast, ECC requires 160 Bits for medium-term and 512 Bits for long-term security.
- Elliptic curve encryption can be implemented more easily than Diffie Hellman encryption;
- ECC has a lower CPU consumption and memory usage because a smaller key is required to achieve the same level of security as with RSA;
- ECC patents still restrict mass implementation; most of the RSA patents expired in 2000 (4);
- Users can use the same elliptic curve with the same properties to compute many public keys, but one cannot reuse the same prime numbers for RSA;
- “The only scientifically established advantage of RSA over Elliptic Curve Cryptography is that public key operations (e.g. signature verification, as opposed to signature generation) are faster with RSA.” (4)
- ECC uses less power consumption; therefore, it can be implemented on low power devices, e.g. mobile phones.