SSL certificates most commonly use RSA keys, and the recommended size of these keys keeps increasing (e.g., from 1024-bit to 2048-bit a few years ago) to maintain sufficient cryptographic strength. An alternative to RSA is ECC. Both key types share the same important property of being asymmetric algorithms (one key for encrypting and one key for decrypting). However, ECC can offer the same level of cryptographic strength at much smaller key sizes, offering improved security with reduced computational requirements. Let's take a look at what ECC is and why you may want to consider using it.
What is ECC?
ECC stands for Elliptic Curve Cryptography, and is an approach to public key cryptography based on elliptic curves over finite fields (here is a great series of posts on the math behind this).
How does ECC compare to RSA?
The biggest differentiator between ECC and RSA is key size compared to cryptographic strength.
As you can see in the chart above, ECC is able to provide the same cryptographic strength as an RSA-based system with much smaller key sizes. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key (which is 50% longer than the 2048-bit keys commonly used today). The latest, most secure symmetric algorithms used by TLS (e.g., AES) use at least 128-bit keys, so it makes sense for the asymmetric keys to provide at least this level of security.
Why would I want to use ECC?
The small key sizes make ECC very appealing for devices with limited storage or processing power, which are becoming increasingly common in the IoT. In terms of more traditional web server use cases, the smaller key sizes can offer speedier SSL handshakes (which can translate to faster page load times) and stronger security.
How can I start using ECC?
GlobalSign offers ECC for all our SSL certificates. If you’re interested in ordering an ECC SSL certificate, or want to replace your existing SSL certificate via our free self-service reissue process, you need only generate an ECC CSR and paste that into your order. For more information about how to generate an ECC CSR and for a list of browsers and servers that support ECC, please visit our support page.
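As an added example (not taken from GlobalSign's support page), the following script generates a 256-bit ECC key and a CSR with the OpenSSL command-line tool, then confirms the key size and curve recorded in the CSR. It assumes OpenSSL is installed; the curve `prime256v1` (NIST P-256) is chosen to match the 256-bit key size discussed above, and the subject and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: create an ECC private key and CSR, then inspect the CSR.
set -eu

# make_ecc_csr DIR SUBJECT
# Writes DIR/ecc.key (private key) and DIR/ecc.csr (certificate request).
make_ecc_csr() {
  dir=$1
  subject=$2
  # Private key on NIST P-256; -noout omits the separate EC PARAMETERS block.
  openssl ecparam -genkey -name prime256v1 -noout -out "$dir/ecc.key"
  # The private key never leaves the server; restrict it to the owner.
  chmod 600 "$dir/ecc.key"
  # CSR carrying the public key, self-signed with ECDSA and SHA-256.
  openssl req -new -sha256 -key "$dir/ecc.key" -subj "$subject" \
    -out "$dir/ecc.csr"
}

# csr_key_info CSR
# Verifies the CSR's self-signature, then prints "<bits> <curve>".
csr_key_info() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
  text=$(openssl req -in "$1" -noout -text)
  bits=$(printf '%s\n' "$text" |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  curve=$(printf '%s\n' "$text" | sed -n 's/.*ASN1 OID: *\(.*\)/\1/p')
  printf '%s %s\n' "$bits" "$curve"
}

# Demonstration in a throwaway directory with a constructed subject.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_ecc_csr "$tmp" "/C=US/O=Example Org/CN=www.example.com"
csr_key_info "$tmp/ecc.csr"
```

The contents of `ecc.csr` are what gets pasted into a certificate order; `ecc.key` stays on the server.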