Yayyy! Cryptography. Yayy!
December 5, 2007 5:40 PM   Subscribe

Where can I find some good resources that contrast public key cryptography algorithms (like RSA) with Elliptic Curve?

So, I've been tasked to write up a report that will illustrate the advantages/disadvantages of moving a current, RSA, PKI-enabled system to Elliptic Curve. I have a decent background in cryptography. I know the basic differences between the two but I would like to see some more detail.

So far, I've used Google and various academic Research Databases (ACM, IEEE, etc.) but EVERYTHING I've come across is either too technical or not detailed enough. This report will be presented to a group of non-technical people so I don't want to make the mistake of mis-translating a technical paper and getting something wrong. However, of the non-technical resources, nothing goes into specifics. I'm having a lot of trouble finding something in between.

I know this isn't a very good question. I would probably be yelling at the poster to look harder but I have done that. I've spent the last two days looking for something reasonable. So, if you have any good (i.e. credible and in semi "layman's-ish" terms) resources, I would appreciate your input. Some points of interest:
- how each functions
- advantages/disadvantages of each (in terms of performance, functionality, hardware/infrastructure requirements, etc.)
- security concerns (conventional public key algorithms becoming outdated, integrity of Elliptic Curve, uses in a mission-critical environment)

Thanks for your input.
posted by pallak7 to Computers & Internet (5 answers total) 2 users marked this as a favorite
 
Hmm. This isn't sourced, but the main tradeoff I've gotten is that it is theoretically more efficient (for example, keys use a lot fewer bits) but is less well-understood. So, you're trading known benefits for unknown disadvantages.

Anyway, you probably also want to mention patents, since RSA has an advantage there.
posted by blenderfish at 5:54 PM on December 5, 2007


Also, and I know this is obvious, but did you check Wikipedia?
posted by blenderfish at 5:54 PM on December 5, 2007


Response by poster: Yeah, I know the basics. Elliptic Curve can essentially give you the same level of security with a much smaller key but I was hoping there was something out there like a case study that would illustrate the implementation of both. In what areas was one better than the other? Which one required more resources? Stuff like that.

And, yes, I've looked at Wikipedia but would like to avoid using that as an authoritative source.

Thanks for your input, though.
posted by pallak7 at 6:02 PM on December 5, 2007


There are a number of distinct EC PKC algorithms, much in the same way that RSA and Elgamal are both discrete-log based. NeXT/Apple's FEE algorithm, for example, is touted as having a small memory footprint and fast running times.

So I don't think you can really make a comparison without referring to a specific elliptic curve algorithm. About all you can say about ECC in general is that it was invented much more recently (1987) and uses somewhat more obscure mathematics (unlike RSA, it's not something that yer undergrad number theory class will teach you about).
posted by hattifattener at 7:30 PM on December 5, 2007


Certicom is the company that does the most work with respect to ECC. They probably have white papers online about this very topic. Of course, since they are invested in ECC they are probably not unbiased.

One of my profs when I was in University is one of the big names in this field, so you could get in touch with him and see if there are any papers on the subject. I have notes from my Math of Public Cryptography class laying around somewhere, and I'm pretty sure we discussed the differences in that.

As others have pointed out, a lot of ECC stuff is patented.
posted by chunking express at 7:15 AM on December 6, 2007


« Older Turn it up to eleven and lean the guitar against...   |   When An Expensive, Out-of-print Baby Book Is Your... Newer »
This thread is closed to new comments.