ECC or RSA?

Endrődi Csilla <csilla@mit.bme.hu>

BME MIT

Hornák Zoltán <hornak@mit.bme.hu>

BME MIT

Selényi Endre, Dr. <selenyi@mit.bme.hu>

BME MIT


Today most public key systems used in practice are based on the RSA algorithm, even though it is not the only solution. The mere existence of alternatives is significant, since the security of RSA has not yet been proved mathematically: we know "only" that nobody has succeeded in breaking it efficiently in a quarter of a century. It could still happen that somebody finally finds an efficient algorithm for breaking it. Having no alternative solution could then lead to great trouble, since most security services are based on public key cryptography.

Naturally, we should treat the alternatives not just as "spare solutions"; they are worth investigating as equal rivals. Since they have different mathematical backgrounds, it is not surprising that they behave differently in many ways. In the search for the best solution, it is well worth comparing them.

In my lecture I present a comparison between two cryptographic systems: the well-known RSA, used world-wide, and the more recent ECC (Elliptic Curve Cryptography). The main focus of my study was the efficiency of these systems. My statements are based on the analysis of tests executed in practice.

The choice of ECC is explained by the well-known (though likewise unproven) fact that, unlike for other public key systems, no efficient algorithm for breaking ECC has been found to this day. This means that ECC can provide the same security with shorter keys than RSA or other cryptosystems, which promises practical applications. On the other hand, we should not forget that a shorter key size is not the only crucial aspect in assessing an algorithm's merit. Other significant parameters are the speed of execution, the difficulty of key generation and of establishing system parameters, the size of the data to be stored, the number of messages needed in the course of certain protocols, and other special requirements or limitations. All of these have to be scrutinised before reaching a verdict.

The behaviour of the systems depends characteristically on the key size applied. That is why we should compare the systems using keys that provide the same security level. I have determined these key-size pairs by drawing on international research results.

Analysing the result database of the executed tests, I was able to uncover and state several characteristics of the systems. These findings are summarised and presented in concise tables and diagrams.

On the basis of these statements, an unambiguous judgement can be made regarding the merit of the algorithms, but this decision cannot be generalised. For different applications (with different functionality, critical points and other special requirements), one or the other system could be the suitable choice. The decision should always be made according to the requirements of the application being developed. I am sure that this collection of statements about the behaviour of these two systems will be of valuable assistance in this decision.