Elliptic Curve Cryptograph (ECC) Demo

Bruce Morton

Elliptic curve cryptography (ECC) for use on the Internet is gaining more support and interoperability amongst application developers. Entrust is proud to announce that ECC-based digital certificates are now supported by the full suite of Entrust Authority solutions.

The promise of ECC is greater security for a given key length. This allows implementations to use smaller keys for equivalent security which saves computation time, memory and power. This can be very attractive for deploying security in constrained environments such as PDAs and smartphones. So attractive that BlackBerry mobile device maker Research In Motion (RIM) acquired Certicom, the leader in ECC technology, in 2009. RIM and Certicom will host their annual ECC Conference in June in Toronto.

As the need to move off of 1024-bit RSA keys intensifies, more companies may turn to ECC. Switching from 1024- to 2048-bit RSA (RSA-2048) results in signing operations that take up to six times longer. In many instances, a performance penalty of this magnitude may simply be unacceptable.

One alternative that can offer better performance and equivalent security is ECC. For example, a 224-bit prime modulus elliptic curve key (EC-P-224) and a RSA-2048 key both offer 112-bits of security; however, tests in Entrust labs indicate a signing operation using EC-P-224 can be as much as 35 times faster than a signing operation with RSA-2048.

It will take some time before ECC certificates are widely available on the Internet. In the meantime, Entrust is offering free ECC demonstration certificates to assist in your ECC solution development, interoperability testing and rollout plans.

Entrust also has plans for publicly trusted ECC SSL certificates. Stay tuned. More on that in a later post.

Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.


Add to the Conversation