There are several slightly different versions of ECC, all of which rely on the (widely believed) difficulty of solving the [discrete logarithm]? problem for the group of an elliptic curve over some finite field. The most popular finite fields for this are the integers modulo a prime number (see modular arithmetic), or a [Galois field]? of size a power of two. (Galois fields of size of power of some other prime have also been proposed but are considered a bit dubious.)
The actual methods used are adaptations of older discrete logarithm cryptosystems originally described for use on other groups. These include Diffie-Hellman, [El Gamal discrete log cryptosystem]? and DSA?.
Doing the group operations needed to run the system is slower for an ECC system than for a factorisation system or modulo integer discrete log system of the same size. Since the speed of all these systems is barely acceptable even on the computers of 2001, this is a major concern. However, proponents of ECC systems believe that they can get away with much smaller systems than the others, to the extent that ECC can actually be faster than, for instance, RSA. Published results to date tend to support this belief, but some experts are skeptical.
For comparison, in 2001 some experts (Which experts ? Some citations please) are suggesting these sizes for various public key systems for a security level appropriate to major business transactions that require secrecy:
RSA (based on difficulty of factorisation) 1024 bits.
DSA (based on difficulty of discrete log for integers modulo a prime) 1024 bits.
ECC (based on difficulty of discrete log for discrete ECC system) 200 bits.
ECC is widely regarded as the strongest asymmetric algorithm at a given key length, so may become useful over links that have very tight bandwidth requirements. A GPL'ed open source implementation of ECC can be found by digging in the source code for [e-speak].
External links:
![[Home]](wikipedia.png)