When you work with SSL encryption, RSA and ECC are the two terms you will meet most often. Before buying an SSL certificate, you should have a clear understanding of both. In this article we compare RSA and ECC encryption and try to answer the question: which of the two should you use?
RSA (Rivest–Shamir–Adleman) Encryption
RSA encryption is named after its creators, Ron Rivest, Adi Shamir, and Leonard Adleman; the initials of their surnames form the name RSA. It is one of the oldest public-key cryptosystems, first published in 1977, and it is still in use. In this system, the public key is used to encrypt information, while the private key is used to decrypt it. It has been one of the most widely used encryption standards in recent decades. As a simple scheme it can run fast; however, the RSA algorithm is considered a slower algorithm, which is why it is not used to encrypt user data directly. It is generally used to transmit shared keys for symmetric-key cryptography, which are then used for bulk encryption and decryption. Cryptographic libraries such as cryptlib, Crypto++, Libgcrypt, Nettle, OpenSSL and wolfCrypt provide support for RSA encryption.
RSA keys are usually 1024 or 2048 bits long. From a security point of view, 1024-bit RSA keys are not considered fully secure. Plain RSA can be attacked under the chosen-plaintext attack model. This is why most organisations are now moving towards 2048-bit keys. RSA may not be scalable, but it is believed that inside an organisation it can be much faster. However, many organisations are now avoiding RSA encryption because of its slow key generation and algorithm and its heavy consumption of machine resources.
An example of an SSL certificate that uses RSA encryption:
ECC (Elliptic-curve cryptography) Encryption
Elliptic-curve cryptography (ECC) is a form of public-key cryptography that uses elliptic curves over finite fields. The technique is based on elliptic curve theory. It can be used to create smaller, much faster and more efficient cryptographic keys. Instead of the traditional method of generating keys as the product of very large prime numbers, it uses an elliptic curve equation to generate keys. ECC is used in the well-known cryptocurrency Bitcoin. ECC relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP), which makes the algorithm really hard for attackers to crack.
An ECC certificate is often smaller because less information has to be exchanged for validation. For organisations whose primary concern is a long-term security solution, ECC may be the ideal choice. Hybrid SSL certificates can also be used to run ECC on RSA trusted root keys.
Here’s an example of an ECC-based SSL certificate.
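Both kinds of certificate can be produced locally and compared side by side. The script below is an added example, not part of the original article: it uses the OpenSSL command-line tool to create throwaway self-signed RSA-2048 and ECC P-256 certificates and reports each one's key algorithm, key size and encoded size. The subject name `example.test`, the file names and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: throwaway self-signed RSA-2048 and ECC P-256 certificates,
# compared by key algorithm, key size and DER size.
# The CN "example.test" and all file names are constructed for this demo.

# make_cert <rsa|ecc> <dir>: writes <dir>/<type>.key and <dir>/<type>.crt
make_cert() {
    case "$1" in
        rsa) openssl genrsa -out "$2/rsa.key" 2048 2>/dev/null ;;
        ecc) openssl ecparam -name prime256v1 -genkey -noout -out "$2/ecc.key" ;;
        *)   echo "unknown key type: $1" >&2; return 1 ;;
    esac || return 1
    openssl req -new -x509 -sha256 -days 30 -subj "/CN=example.test" \
        -key "$2/$1.key" -out "$2/$1.crt"
}

# cert_der_size <crt>: size in bytes of the certificate's DER encoding
cert_der_size() {
    openssl x509 -in "$1" -outform DER | wc -c | tr -d ' '
}

# cert_key_alg <crt>: public key algorithm recorded in the certificate
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# cert_key_bits <crt>: public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# compare_certs: generate both certificates in a temp dir and print a summary
compare_certs() {
    dir=$(mktemp -d) || return 1
    for kind in rsa ecc; do
        make_cert "$kind" "$dir" || { rm -rf "$dir"; return 1; }
        crt="$dir/$kind.crt"
        printf '%s: %s, %s-bit key, %s-byte DER certificate\n' "$kind" \
            "$(cert_key_alg "$crt")" "$(cert_key_bits "$crt")" "$(cert_der_size "$crt")"
    done
    rm -rf "$dir"
}

compare_certs
```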
RSA vs ECC Encryption: Which should you use?
Here is a quick comparison between RSA and ECC. It will help you decide which is much better for you.
# | RSA | ECC |
---|---|---|
1 | It has a slow algorithm and may make maximum use of computer resources such as battery. | The algorithm is fast because key sizes are smaller, so there is less burden on system resources. |
2 | It is vulnerable to quantum computers and brute-force attacks. | It relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP), which is quite hard for an attacker to crack, hence it is much more secure. |
3 | In RSA, longer keys may be required for higher security. | The key size and certificate are much smaller. |
4 | In RSA, scalability is not optimal. | Scalability is improved, as the server can handle higher traffic because of lower overhead. |
5 | Easy to deploy with existing infrastructure. | It may require adjustments to special hardware equipment. You can also use hybrid SSL to use ECC with RSA trusted keys. |
Hope you find the article useful!