1. Security of RSA is increased by increasing key length but in turn, it has heavier processing load.
2. Hence “Elliptic Curve Cryptography “ is used which gives equal security for a smaller key size thereby reducing processing achieved.

3. Elliptic Curve Encryption / Decryption :

   a) The first task in this system is to encode the plaintext message m to be sent as an x-y point Pm.

   b) It is the point Pm that will be encrypted as a ciphertext and subsequently decrypted.

   c) We can’t simply encode the message as the x or y co-ordinate of a point, because not all such coordinates are in Eq (a , b).

   d) As with the key exchange system, an encryption / decryption system requires a point G and an elliptic group Eq (a , b) as parameters. Each user A selects a private key nA and generates a public key $P_A = n_A × G$.

   e) To encrypt and send a message Pm to B, A chooses a random positive integer k and produces tnhe ciphertext Cm consisting of the pair of points:

   $Cm = {kG, Pm + kP_B }$

   f) Note that A has used B’s public key PB. To decrypt the ciphertext, B multiplies the first point in the pair by B’s secret key and subtracts the result from the second point :

   $Pm + kP_B nB (kG) = Pm + k (n_B G) n_B (kG) = Pm$

   g) A has masked the message Pm by adding kPB to it. Nobody but A knows the value of k, so even though PB is a public key, nobody can remove the mask kPB. However , A also includes a “clue”, which is enough to remove the mask if one knows the private key nB. For an attacker to recover the message, the attacker would have to compute k given G and kG, which is assumed hard.

4. Security of Elliptic Curve Cryptography :

   • The security of ECC depends on how difficult is to determine k given kP and P. This is referred to as the elliptic curve logarithm problem.
   • The fastest known technique for taking the elliptic curve logarithm is known as the Pollard rho method.
   • A considerably smaller key size can be used for ECC compared to RSA. Furthermore, for equal key lengths, the computational effort required for ECC and RSA is comparable. Thus, there is a computational advantage to using ECC with a shorter key length than a comparably secure RSA.

5. Elliptic Curves:

   • Elliptic curves are not ellipses.
   • They are so named because they are described by cubic equations similar to that used for calculating circumference of ellipse.
   • In general, cubic equations for elliptic curves take the form:

   $y^2 +axy + by = x^3 + cx^2 + dx + e$

   Where a,b,c,d,e are real numbers.

   Consider an elliptic curve:

   $y^2 = x^3 + ax + b$ -> Cubic eqn. highest power =3.

   For given values of a and b say (n=1 and b-1 ) the curve is as shown below:

   $y^3 = x^3 + ax + b$

$$\text{Figure 5.5 Elliptic Curve}$$