What is Elliptic Curve Cryptography
Elliptic curve cryptography (ECC) is an approach to asymmetric encryption that uses the mathematics of elliptic curves over finite fields. It provides the same security as RSA with dramatically smaller keys: a 256-bit ECC key provides roughly the same security as a 3072-bit RSA key. Smaller keys mean faster operations, less bandwidth, and lower storage.
How it works
An elliptic curve is defined by an equation like y^2 = x^3 + ax + b over a finite field. The key mathematical operation is point multiplication: given a point G on the curve and a scalar k, computing k * G (adding the point to itself k times) is fast. But given G and k * G, finding k is computationally infeasible. This is the elliptic curve discrete logarithm problem.
- The private key is a random scalar k.
- The public key is the point k * G.
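The following added example (not part of the original page) implements point addition, double-and-add point multiplication, and a brute-force discrete-log search. It also shows an ECDH agreement built from the same private scalar and public point. The curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) is an assumption chosen to be small enough to check by hand, and all function names are illustrative.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 (assumed, textbook-sized; never use in practice).
P_MOD, A, B = 17, 2, 2
G = (5, 1)   # base point; the group has 19 elements including the identity
INF = None   # point at infinity (group identity)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p, q):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # p + (-p) = identity
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    """Double-and-add: about log2(k) doublings rather than k additions.
    Not constant-time; production code uses side-channel-safe ladders."""
    result = INF
    while k > 0:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def brute_force_log(target, base=G):
    """Recover k from k*G by trying each scalar; work grows with group size."""
    acc, k = base, 1
    while acc != target:
        acc, k = add(acc, base), k + 1
    return k

def ecdh_demo(a=3, b=7):
    """Each side multiplies the peer's public point by its own private scalar."""
    pub_a, pub_b = scalar_mult(a, G), scalar_mult(b, G)
    return scalar_mult(a, pub_b), scalar_mult(b, pub_a)
```

On this 19-element group the search finishes instantly; on a 256-bit curve the same loop would need on the order of 2^256 additions, while double-and-add still needs only a few hundred.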
Common curves include:
- P-256 (secp256r1) — NIST standard, widely used in TLS and certificates
- Curve25519 — designed by Daniel Bernstein, used in Ed25519 signatures and X25519 key exchange
- secp256k1 — used in Bitcoin and Ethereum
ECC supports encryption (ECIES), digital signatures (ECDSA, Ed25519), and key exchange (ECDH). Ed25519 has become the default for SSH keys — ssh-keygen -t ed25519 is now the standard recommendation.
Why it matters
ECC is replacing RSA across the industry. TLS 1.3 uses ECDHE (elliptic curve Diffie-Hellman) for every key exchange. Modern SSH defaults to Ed25519. Mobile devices and IoT systems benefit from ECC's smaller key sizes and faster computations. Understanding ECC is essential because it is the asymmetric cryptography of the present, not just the future.
See How Asymmetric Encryption Works for the full comparison with RSA.