Speeding up secure web transactions using elliptic curve cryptography

Latency versus throughput plot for Apache web server using elliptic curve cryptography and RSA encryption.


Elliptic curve cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosystems (RSA, DSA, DH). ECC offers equivalent security with smaller key sizes, resulting in faster computations, lower power consumption, and memory and bandwidth savings. While these characteristics make ECC especially appealing for mobile devices, they can also alleviate the computational burden on secure web servers.

This article studies the performance impact of using ECC with Secure Sockets Layer (SSL), the dominant Internet security protocol. We benchmark the Apache web server with an ECC-enhanced version of OpenSSL under a variety of conditions. Our results show that an Apache web server can handle 11%-31% more HTTPS requests per second when using ECC rather than RSA at short-term security levels. At security levels necessary to protect data beyond 2010, the use of ECC over RSA improves server performance by 110%-279% under realistic workloads.

Keywords: elliptic curve cryptography, Secure Sockets Layer (SSL)


Vipul Gupta, Douglas Stebila, Stephen Fung, Sheueling Chang, Nils Gura, Hans Eberle. Speeding up secure web transactions using elliptic curve cryptography. In Proc. Network and Distributed System Security Symposium (NDSS) 2004. Internet Society, February 2004.