Ministry of Electronics & Information Technology
Government of India

Elliptic Curve Cryptography for Mobile Phones


The need to sign documents digitally is increasing; the eReturn and MCA departments use digital signatures extensively over web interfaces. As more and more people have started using mobile phones, the time has come to provide digital signatures and encryption on mobile phones. People use SSL certificates with Rivest-Shamir-Adleman (RSA) keys. The recommended size of these keys keeps increasing (e.g., from 1024 bits to 2048 bits a few years ago) because the compute power of desktops and laptops is continuously increasing; to maintain sufficient cryptographic strength, NIST recommends longer keys. As the RSA algorithm uses more bits, more compute resources are required, and mobile devices do not have large compute resources. An alternative to RSA is Elliptic Curve Cryptography (ECC). It uses fewer bits but offers the same level of cryptographic strength, so it is considered more suitable for mobile devices.

The main difference between ECC and RSA is the key size needed to achieve the same level of cryptographic strength.

 

 

NIST has cautioned that a security strength of at least 128 bits should be used, since the compute power of even smaller computers is increasing day by day, making it easier for hackers to break keys in a short period of time. To attain a security strength of 128 bits, a 256-bit ECC key is good enough for an asymmetric encryption system, whereas RSA needs 3072-bit keys to achieve the same security strength.

The small key sizes make ECC very appealing for devices with limited storage or processing power, which are increasingly common among mobile devices and the IoT. The time has come to adopt ECC-based SSL certificates and implement them on mobile phones.
 

Implementation of ECC on mobile phones: Small devices such as mobile phones can use ECC. Each mobile phone should have two SIM cards, one for talking and another for keeping the private key. This relieves the owner of the burden of carrying a dongle, while still complying with the requirement that the private key be kept on a hardware device in the owner's hands.

The government's aim is to popularize e-Governance through mobile phones, so this would be a good step in that direction.