Elliptic Curve PKI: An Exploration of the Benefits and Challenges of a PKI Based on Elliptic Curve Cryptography

Public-key cryptography has achieved enormous success in protecting users from identity theft resulting from transactions on the Web, e-mail correspondence and VPN sessions. But, it is well accepted in information security circles that cryptographic algorithm strength erodes with time, as the computing power available to cryptanalysts increases and the cryptanalytic techniques they use improve. Security architects respond to this trend by specifying larger key sizes, and since the computing power available to the legitimate user also increases with time, the attendant performance degradation is - at least partially - offset. This paper gives a brief introduction to elliptic curve cryptography, discusses its security and performance characteristics and considers the advantages of, and challenges associated with, rolling out, or transitioning to, a PKI based on ECC.