## 1. Introduction

ECDSA (Elliptic Curve Digital Signature Algorithm) is an asymmetric key encryption algorithm that uses elliptic curve cryptography to produce keys and sign data. On the other hand, RSA (Rivest-Shamir-Adleman) is also an asymmetric encryption scheme that generates its keys by multiplying two pseudo-random prime numbers.

These two cryptographic systems are the most widely used on the internet for securing different services, from email to HTTP connections. They are often used interchangeably.

In this tutorial, we’ll learn why we choose one over the other.

## 2. Similarities Between ECDSA and RSA

### 2.1. Encryption Type

ECDSA and RSA use asymmetric key cryptography for generating digital signatures and encryption/decryption.

### 2.2. Versatility

We can use either our public or private key to sign some data using ECDSA. The same is true for RSA. The choice of which key to use depends on the purpose.

If we sign using a private key, we intend to prove that we’re the rightful sender. The public key will, in this case, be used to verify that the sender actually knows the private key.

Conversely, if we use the public key for signing, the intention is that only the person with the private key will be able to unlock the sent message.

### 2.3. Weaknesses

Both algorithms are susceptible to side-channel attacks. These attacks do not directly target the algorithm but rather environment properties like cache access patterns, electrical pulses, and the sound made during computations.

We can implement some safeguards to counter them, for example, by introducing random processing delays or implementing a silicon-based hardware root of trust.

## 3. Differences Between ECDSA and RSA

### 3.1. Key Generation

These two cryptosystems rely on different mathematical properties for their security. The basic principle is that it’s impractical for a hacker to brute-force the private key that was used to produce the ciphertext.

ECDSA relies on points on elliptic curves bounded over a finite field. The two geometric properties of these curves are of particular interest to cryptography:

• Any line touching the elliptic curve cannot cross it at more than three points
• Points on the curve are symmetrical along the X-axis

These properties enable us to define points on a curve as a group. A group here refers to a collection of integers with four mathematical properties of interest: associativity, closure, identity, and having an inverse value for each element. The properties enable us to make operations on the elliptic curve points.

In ECDSA, the private key ( ) is randomly generated from the order n of an elliptic curve. We then choose a generator point to produce the public key ( ) with the relationship: .

In contrast, RSA relies on the difficulty of factoring large prime numbers for its security.

We choose two sufficiently large random integers and then multiply them. The result forms a part of the public and private keys.

The whole point is that it’s intractable (impractical) for one to find the two prime numbers that we used to generate the keys. For a 2048-bit RSA encryption, we choose primes that are at least 1024 bits.

### 3.2. Weaknesses

If the two chosen random numbers in RSA are too close to each other, then an attacker could easily guess the keys. The numbers also need to be very large. Otherwise, a hacker can easily guess which numbers were used.

Additionally, if a weak pseudo-random number generator (PRNG) was used, then our encryption is also at risk. Weak, here means that the PRNG has low entropy. That is, it uses a small set of numbers as a source for its randomness. Therefore, a malicious actor can easily go through all the possible combinations and guess which prime numbers were used.

Therefore, we must only use PRNGs that have been verified to be cryptographically secure.

For ECDSA, we only need one random number. The size isn’t of particular interest to us. However, the type of elliptic curve chosen is of interest as some curves can allow an attacker to easily brute-force the encryption.

### 3.3. Key Length

ECDSA provides a significantly smaller output length for the same security level as RSA.

For example, a 3072-bit RSA signature provides the same level of security as a 256-bit ECDSA signature.

### 3.4. Speed

ECDSA runs faster than RSA. It also requires significantly less memory. This is a particularly important property for use in mobile devices increasingly requiring secure communications with moderate computing resources.

### 3.5. Difficulty

RSA is straightforward for a programmer to implement. On the contrary, the ECDSA algorithm is more difficult to implement and can affect the algorithm’s security.

We need to ensure that the elliptic curves we use can not enable an attacker to find an implementation that solves the discrete logarithm problem in polynomial time.

A particular attack that can occur because of poor implementation is a twist attack. This attack involves a malicious actor (A) giving the message receiver (B) a set of carefully chosen points on the elliptic curve for B to cipher. If the algorithm that B has uses a poor implementation, then A can be able to uncover the private key from the cipher text from B.

## 4. Applications

Let’s now look at some areas where these algorithms are commonly used. It’s worth noting that since RSA has been around for much longer than ECDSA, it is more used. Though, the trend is gradually shifting. 