Home

Microsec

RSA or ECC? - Frequently asked questions

RSA or ECC? - Frequently asked questions

26 August 2022 - 2:53pm
An increasingly common question from Microsec's customers and partners is which cryptographic algorithm is better, RSA or ECC. Answers to these questions are collected in this FAQ, taking into account the security, speed and related regulatory requirements of both solutions.

How long can each algorithm be used?

The table below shows how long the different algorithms and key sizes can be used according to ETSI TS 119 312 V1.4.2 and SOGIS ACM 1.2 Recommendation. These are the standards which are also considered by the National Media and Communication Authority (NMHH) as a starting point.

Minősítések

This shows that the RSA algorithm is not usable for a long time, while the ECC algorithm has no time limit on its usability. In any case, ECC is recommended for documents that will be kept for a long time.

The use of RSA-PSS is not recommended because it is virtually unsupported in software.

How powerful and how fast is each algorithm?

The following table, based on NIST SP 800-57, compares the security of each algorithm and key length. The original table was supplemented with Microchip speed comparison data, so that the table also shows the speed difference between the algorithms for different key sizes.

Minősítések

The table shows that the 2048-bit RSA keys in use today provide only 112 bits of security. In contrast, the most common key size for ECC is 256 bits, which provides 128 bits of security, which is nowadays a basic requirement. While ECC achieves the same or higher security than RSA with much smaller key sizes, ECC is at least 10x faster than the RSA algorithm, which provides the same security.

Where is the ECC required?

In many areas, industry standards specifically require the use of ECC for smaller key sizes and better performance.

Examples include, but are not limited to, the following standards:

  • ZigBee network standard
    ZigBee is an open, wireless communication protocol for low-power IoT devices to communicate with each other over an ad hoc network in an encrypted manner. The ECC algorithm is recommended for encryption due to its lower resource requirements.
  • ITS (intelligent transport) standards
    The US Department of Transportation requires the ECC algorithm in its standards to protect the security of vehicle-to-vehicle communications.
  • Smart meter standards
    The German BSI (Federal Office for Information Security) specifies the use of the ECC algorithm in the BSI-CC-PP-0073 protection profile for smart metering devices when communicating with the gateway.

Sources:
NIST SP 800-57 PART 1 REV. 5
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

RSA vs. ECC Comparison
https://ww1.microchip.com/downloads/en/DeviceDoc/00003442A.pdf

 

© 2023 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41

Scroll to Top