RSA Vs ECC SSL/TLS Certificates
Implementation of SSL certificate need a strong reliable hashing algorithm, why not we use faster, lightweight and more strong encryption algorithm than a conventional RSA system?
SSL public-key is encrypted by secure hashing algorithm (SHA) which also encrypt the certificate signing request (CSR). An encrypted CSR is signed by certificate signing authority like Sectigo, GeoTrust and Symantec etc.
What is RSA SHA encryption?
Now a days asymmetric cryptographic algorithm (RSA) is widely used algebraic algorithm to encrypt SSL public-key and certificate signing. RSA is used as a default SHA method as it is supported by all type of we servers setups.
The acronym RSA is made of the initial letters of the surnames of Ron Rivest (cryptographer and professor at MIT), Adi Shamir (Israeli Cryptographer), and Leonard Adleman (American computer scientist), who first publicly described the algorithm in 1978.
RSA is asymmetric in nature and its security is because of a algebraic fact that factor a large integer composed of two or more large prime factors is difficult and need higher computation power. As the size of integer increase it become more and more difficult. A 3072-bit RSA encryption is stronger then 2048-bit encryption hash.
What is ECC?
Elliptic Curve Cryptography (ECC) is light weight, fastest and safest alternative of prevailing asymmetric cryptographic algorithm (RSA). ECC is advanced encryption algorithm used to encrypt a certificate signing request, till the date its use is very limited and research reveal that less than 0.1% https websites are using ECC encrypted certificate.
Almost all stakeholders like operating systems, browsers and signing authorities are ready for ECC implementation but its use is very limited and RSA is still used as a default encryption method, Why? We will also discuss the implementation obstacles in this article.
Elliptic curve Diffie–Hellman (ECDH) is specifically recommended for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signatures encryption.
All modern browsers and operating systems support ECC encryption. Lets see in detail about the minimum version needed to work with ECC.
Web Browser support for ECC:
|Browser Name||Minimum Version|
|Microsoft Internet Explorer||7|
Operating Systems supporting ECC:
|Operating System||Minimum Version|
|Apple OS X||OS X 10.6|
|Microsoft Windows||Windows Vista and higher|
|Red Hat Enterprise Linux||6.5.xx|
|Android OS (Phone)||3.x|
|Microsoft Windows Phone||7.x|
Certificate signing authorities also support ECC but all SSL/TSL products not include ECC. And it is available without and additional cost. See list of ECC supported certificates.
What are problems with RSA?
Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. Following issues about RSA raise concern about its deprecation:
- Low bit size RSA is easy to decrypt. Therefore RSA less than 1024-bit is not used.
- RSA encryption is a deterministic encryption algorithm (i.e., has no random component) an attacker can successfully launch a chosen plain text attack against the cryptosystem.
- RSA is vulnerable to several attacks like "MIMA SSL stripping attack".
- It need higher level of computation for encryption.
- A minimum 2048 bit level of encryption needed for satisfactory level of security. This is a heavy bit size from network point of view, make the website loading little slower.
Why ECC is better than RSA?
For ECC, it is assumed more secure because of "elliptic curve discrete logarithm problem" (ECDLP) that is finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible. (Refrence: Menezes, A.; Okamoto, T.; Vanstone, S. A. (1993). "Reducing elliptic curve logarithms to logarithms in a finite field". IEEE Transactions on Information Theory.)
The security of elliptic curve cryptography depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. The size of the elliptic curve determines the difficulty of the problem.
Following properties of ECC make it better option than traditional RSA system:
- It require less computational power then RSA encryption algorithm.
- Smaller size key provide more encryption strength than RSA, 160-bit ECC key provide strength equal to 1024-bit RSA key. If we use 256-bit ECC key, provides a strength equal to 3072-bit RSA encryption, which save 2816-bit of network load and make ssl loading faster.
- ECDLP make it more secure than RSA algorithm, its nearly impossible to brake using modern computers.
- Encryption and decryption need less computational power.
The primary benefit promised by elliptic curve cryptography is a smaller key size, reducing storage and transmission requirements, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key.
Curve25519 is the set of elliptic curve parameters and the reference implementation by Daniel J. Bernstein in C. Bindings and alternative implementations are also available
As per a little possibility ECC could be attacked by " Side-channel attacks" and "Backdoor attacks" but still any of attack is not conducted or demonstrated on ECC.
How to use ECC SSL/TLS certificate?
It is not much different to go for ECC SSL certificate because the basic criteria of SSL generation and installation is same, just need to go for ECC instead RSA SHA. Generate CSR using ECC and opt for ECC signing during SSL generation. Digicert also Offer some ECC certificate.
In final words, ECC is the best option to use rather than RSA which is likely to obsolete in near future. Shifting to ECC will not costs anything additional, will make your website faster to load. And fast loading website gain higher rank on search engines like Google, Bing and Yahoo.