Best Practices in Elliptic Curve Cryptography for Enhanced Security

Gazi Sultan and Dr. Ivona Grzegorczyk


In the realm of public key cryptography, popular asymmetric key algorithms have
outdated their predecessors, offering enhanced security and performance in response to increasing demand. While there are many algorithms that have been developed over the years in computer science, the ones to gain the most extensive support are RSA and now, ECC (Elliptic curve cryptography). Most public key cryptosystems, such as the Diffie-Hellman Key Exchange, rely on the difficulty of solving the Discrete Logarithm Problem (DLP). However, without proper authentication, Diffie-Hellman algorithm is susceptible to man-in-the-middle attacks. On the other hand, in RAS one faces the computational overhead involved, particularly in smartphone and tablet environments, as a result, the performance issue of RSA is a great obstacle. Key length is another issue, as RSA keys are required to be 2048-bit long, because with advances in cryptography and computational resources, 1024-bit keys are deemed insufficiently secure against several attacks. Elliptic curve cryptography is a new kind of cryptographic algorithm that has been developed for increased security and more robust network performance. One can translate public key cryptosystems based on DLP to Elliptic curve cryptosystems as the Elliptic Curve Discrete Logarithm Problem is believed to be more challenging and therefore harder to break. Nevertheless, there are certain precautions one needs to take when using Elliptic Curve Cryptography to avoid them being compromised. Therefore, certain restrictions and conditions are to be met when choosing such a curve. Unfortunately, there are only a handful of secure elliptic curves that are publicly known and used. The goal of this research is to explore those restrictions and conditions and identify elliptic curves that provide enhanced security against malicious attack.

One Comment

Comments are closed.