1. Introduction
ECDSA (Elliptic Curve Digital Signature Algorithm) is an asymmetric key encryption algorithm that uses elliptic curve cryptography to produce keys and sign data. On the other hand, RSA (Rivest-Shamir-Adleman) is also an asymmetric encryption scheme that generates its keys by multiplying two pseudo-random prime numbers.
These two cryptographic systems are the most widely used on the internet for securing different services, from email to HTTP connections. They are often used interchangeably.
In this tutorial, we’ll learn why we choose one over the other.
2. Similarities Between ECDSA and RSA
2.1. Encryption Type
ECDSA and RSA use asymmetric key cryptography for generating digital signatures and encryption/decryption.
2.2. Versatility
We can use either our public or private key to sign some data using ECDSA. The same is true for RSA. The choice of which key to use depends on the purpose.
If we sign using a private key, we intend to prove that we’re the rightful sender. The public key will, in this case, be used to verify that the sender actually knows the private key.
Conversely, if we use the public key for signing, the intention is that only the person with the private key will be able to unlock the sent message.
2.3. Weaknesses
Both algorithms are susceptible to side-channel attacks. These attacks do not directly target the algorithm but rather environment properties like cache access patterns, electrical pulses, and the sound made during computations.
We can implement some safeguards to counter them, for example, by introducing random processing delays or implementing a silicon-based hardware root of trust.
3. Differences Between ECDSA and RSA
3.1. Key Generation
These two cryptosystems rely on different mathematical properties for their security. The basic principle is that it’s impractical for a hacker to brute-force the private key that was used to produce the ciphertext.
ECDSA relies on points on elliptic curves bounded over a finite field. The two geometric properties of these curves are of particular interest to cryptography:
- Any line touching the elliptic curve cannot cross it at more than three points
- Points on the curve are symmetrical along the X-axis
These properties enable us to define points on a curve as a group. A group here refers to a collection of integers with four mathematical properties of interest: associativity, closure, identity, and having an inverse value for each element. The properties enable us to make operations on the elliptic curve points.
In ECDSA, the private key () is randomly generated from the order n of an elliptic curve. We then choose a generator point to produce the public key () with the relationship: .
In contrast, RSA relies on the difficulty of factoring large prime numbers for its security.
We choose two sufficiently large random integers and then multiply them. The result forms a part of the public and private keys.
The whole point is that it’s intractable (impractical) for one to find the two prime numbers that we used to generate the keys. For a 2048-bit RSA encryption, we choose primes that are at least 1024 bits.
3.2. Weaknesses
If the two chosen random numbers in RSA are too close to each other, then an attacker could easily guess the keys. The numbers also need to be very large. Otherwise, a hacker can easily guess which numbers were used.
Additionally, if a weak pseudo-random number generator (PRNG) was used, then our encryption is also at risk. Weak, here means that the PRNG has low entropy. That is, it uses a small set of numbers as a source for its randomness. Therefore, a malicious actor can easily go through all the possible combinations and guess which prime numbers were used.
Therefore, we must only use PRNGs that have been verified to be cryptographically secure.
For ECDSA, we only need one random number. The size isn’t of particular interest to us. However, the type of elliptic curve chosen is of interest as some curves can allow an attacker to easily brute-force the encryption.
3.3. Key Length
ECDSA provides a significantly smaller output length for the same security level as RSA.
For example, a 3072-bit RSA signature provides the same level of security as a 256-bit ECDSA signature.
3.4. Speed
ECDSA runs faster than RSA. It also requires significantly less memory. This is a particularly important property for use in mobile devices increasingly requiring secure communications with moderate computing resources.
3.5. Difficulty
RSA is straightforward for a programmer to implement. On the contrary, the ECDSA algorithm is more difficult to implement and can affect the algorithm’s security.
We need to ensure that the elliptic curves we use can not enable an attacker to find an implementation that solves the discrete logarithm problem in polynomial time.
A particular attack that can occur because of poor implementation is a twist attack. This attack involves a malicious actor (A) giving the message receiver (B) a set of carefully chosen points on the elliptic curve for B to cipher. If the algorithm that B has uses a poor implementation, then A can be able to uncover the private key from the cipher text from B.
4. Applications
Let’s now look at some areas where these algorithms are commonly used. It’s worth noting that since RSA has been around for much longer than ECDSA, it is more used. Though, the trend is gradually shifting.
ECDSA
RSA
Bitcoin, Ethereum, and many other cryptocurrencies rely on it for signing transactions and generating wallet addresses. The implementation Bitcoin uses is called secp256k1
The OpenVPN protocol uses RSA for communication between the client and server VPN
Apple also uses it to protect iMessages
Email encryption also uses RSA
SSL uses RSA in web browsers to protect against man-in-the-middle attacks and data sniffing
GNU Privacy Guard also uses 2048-bit RSA as its default encryption level. The developers expect this key size to be safe till 2030.
5. Conclusion
In this article, we analyzed two algorithms: ECDSA and RSA.
Organizations normally find themselves using RSA since it’s simpler to implement. However, more applications are shifting towards ECDSA due to its lower computing resources.