If ECC is stronger than symmetric, then why is does the key need to be more bits?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If ECC is stronger than symmetric, then why is does the key need to be more bits?
Quote:
One of the asymmetric algorithm types, elliptic curve cryptography, or ECC, appears to be secure with shorter keys than those needed by other asymmetric key algorithms. NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. So, for example, a 224-bit ECC key would have roughly the same strength as a 112-bit symmetric key. These estimates assume no major breakthroughs in solving the underlying mathematical problems that ECC is based on. A message encrypted with an elliptic key algorithm using a 109-bit long key has been broken by brute force.
I am a little confused. If ECC is stronger and can use a smaller bit key than a symmetric algorithm, why would a larger ECC key that is 224-bit have the same strength as a smaller 112 bit symmetric key?
If ECC is stronger and can use a smaller bit key than a symmetric algorithm
Not a smaller key than a symmetric key algorithm, but rather an asymmetric one.
According to this, you'd need a 2048-bit rsa (asymmetric) key to have the strength equivalent to an 112-bit symmetric key. In your quote, you mention that ECC can do the same with only a 224-bit key. This means that ECC keys are much smaller than RSA keys of the same strength.
Ok, I see. Thanks. Curiouse....can I use ECC to encrypt a filesystem instead of AES? And since ECC is asymmetric and AES is symmetric does this mean AES is stronger/more secure/better?
The blog on this link summarizes it pretty well. Symmetric and asymmetric keys are typically used for different purposes. One of the challenges that Asymmetric keys solve is how to initiate secure communications in an unsecured channel. An example would be establishing an SSH or VPN connection. Some method is needed to authenticate the clients and allow them to begin secure communications without divulging secure information in the clear. The Diffie-Hellman algorithm is an example of how this is done using asymmetric keys. Once the communications has been established, a change is generally made to symmetric keys, which are computationally faster.
Generally speaking, a symmetric key of X bits will be considered equivalent to an asymmetric key of Y bits, with X being less than Y.
And since ECC is asymmetric and AES is symmetric does this mean AES is stronger/more secure/better?
more secure? not yet, but possibly in the future. read the relative effects on quantum computing on asymmetric and symmetric ciphers in the wikipedia link i mentioned. but, symmetric ciphers are less computationally intensive than asymmetric ones, so you need a good reason to use an asymmetric cipher in the first place, such as key exchange as Noway2 mentions.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.