Elliptic curve cryptography is one of the most powerful techniques used in the field of modern cryptography. Just to be clear, elliptic curves have nothing to do with ellipses. I agree that the name can be slightly misleading, but once we discuss what elliptic curves are, it will become much clearer. So as you may have already guessed, elliptic curve cryptography (ECC) is based on the properties of elliptic curves. ECC is very useful in internet security and it is being deemed as the successor to the almighty RSA crypto system. If that didn’t make sense to you, don’t worry! We are going to discuss everything in detail. A lot of of websites are increasingly using ECC to secure everything like customer data, connections, passing data between data centers, etc. So what makes ECC so special? Is it strong enough to take over the world?
Let’s start from the beginning, shall we?
Before we talk about ECC, let’s discuss about general cryptography a little bit. Cryptography has been around for centuries, and it keeps getting stronger and faster with each passing year. It has evolved from simple ciphers to mechanical rotors, and then to highly sophisticated computerized systems. But if we have to pick a special moment, it has to be the year 1977 when the RSA algorithm was introduced. RSA is named after Ron Rivest, Adi Shamir, and Leonard Adleman, the legendary scientists who came up with this algorithm. This was arguably one of the biggest breakthroughs in the entire history of cryptography. This algorithm was groundbreaking because it represented the first viable cryptographic scheme where security was based on numbers, as opposed to relying on physical things. It was the first algorithm that allowed secure communication between two people without the need for having a shared secret key.
For example, if you want to open a strong box, you need a key to open it at all times. If you want to share it with an ally, the ally will need a key too. This new algorithm said that such a thing was not required. The entire crypto scenario changed after this! We didn’t need to transport secret codebooks or thick boxes around the world anymore. We could just send a message out in the open, and even if someone got their hands on it, they wouldn’t be able to open it because it was mathematically secure.
Say hello to public key cryptography
As we all know, this is the age of the internet. We want to send text messages, images, and videos around the world. Basically, everything is in digital format and we need to transport those bits securely. So to address this need, modern cryptography is based on the idea that the key that you use to encrypt your data can be made public while the key that is used to decrypt your data can be kept private. Wait a minute, that sounds like a lot of jargon, right? Okay, to understand this, let’s say you want to send a message securely to your friend. Now, instead of just sending the message directly, you would like to encode it. If you don’t encode it, it will be very easy for the attacker to see the message. We don’t want that!
So to do that, you have a black box which converts a given message into some form of code. This black box is available to everyone. But the interesting part is that, to decode the message, you need a special key. This is called a “private key”, because it’s a secret. As in, only the receiver has this key. So as you can see, even if the attacker gets his hand on the coded message, he will not be able to do anything with it because he doesn’t have the private key. This is what we call Public Key Cryptography, and it is used extensively in the field of internet communication, banking, defense, data storage, and in many other places as well. RSA algorithm was the first system to utilize this concept and build a functional crypto system. It is still one of the most widely used crypto schemes.
What’s the X-factor here? What’s the thing that makes it work?
We can talk all day about the intricate implementations and techniques, but it boils down to mathematics at its core. The RSA algorithm is based on numbers, prime numbers to be specific! One of the most important requirements of a public key cryptographic system is an algorithm that is easy to process in one direction, but difficult to process in the other. As in, the algorithm should make it difficult to get the original data back. For example, let’s say you throw a red ball into a room full of red balls. Throwing a ball is easy, but getting that ball back is hard. In the case of RSA, the algorithm multiplies two prime numbers and gets the product back. Multiplication is easy! But if I ask you to recover those two prime numbers back from the product, it’s very difficult. The algorithms that have this special characteristic are called trapdoor functions. A trapdoor function lets you go easily in one way, and makes it very difficult to get back. Designing a good crypto system essentially boils down to finding a good trapdoor function. Needless to say, the bigger the difference between the difficulty levels of going in one direction and coming back, the more secure a cryptographic system is.
You might be wondering that we are almost near the end of the blog post and we haven’t discussed ECC yet. Well, we will be doing that soon. In order to understand ECC, we first had to understand how public key cryptography works. In the next blog post, we will discuss why RSA is not sufficient, and why we need ECC in the first place.