Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985.

Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography, such as, for instance, Lenstra elliptic curve factorization, but this use of elliptic curves is *not* usually referred to as "elliptic curve cryptography."

ECC can yield a level of security with a 164-bit key compared with other systems that require a 1,024-bit key. Since ECC provides an equivalent security at a lower computing power and battery resource usage, it is widely used for mobile applications. ECC was developed by Certicom, a mobile e-business security provider and was recently licensed by Hifn, a manufacturer of integrated circuitry and network security products. Many manufacturers, including 3COM, Cylink, Motorola, Pitney Bowes, Siemens, TRW and VeriFone have incorporated support for ECC in their products .

Public key cryptography is based on the creation of mathematical puzzles that are difficult to solve without certain knowledge about how they were created. The creator keeps that knowledge secret (the private key) and publishes the puzzle (the public key). The puzzle can then be used to scramble a message in a way that only the creator can unscramble. Early public key systems, such as the RSA algorithm, used products of two large prime numbers as the puzzle: a user picks two large random primes as his private key, and publishes their product as his public key. While finding large primes and multiplying them together is computationally easy, reversing the RSA process is thought to be hard (*see* RSA problem). However, due to recent progress in factoring integers (one way to solve the problem), FIPS 186-3 recommends that DSA and RSA public keys be at least 1024 bits long to provide adequate security.

Another class of puzzle involves solving the equation *a ^{b} = c* for

*b*when

*a*and

*c*are known. Such equations involving real or complex numbers are easily solved using logarithms (i.e.

*b=log(c)/log(a)*). However, in some large finite groups, finding solutions to such equations is quite difficult and is known as the discrete logarithm problem.

An *elliptic curve* is a plane curve defined by an equation of the form

*y*^{2} = *x*^{3} + *a**x* + *b*

The set of points on such a curve (i.e., all solutions of the equation together with a point at infinity) can be shown to form an abelian group (with the point at infinity as identity element). If the coordinates *x* and *y* are chosen from a large finite field, the solutions form a finite abelian group. The discrete logarithm problem on such elliptic curve groups is believed to be more difficult than the corresponding problem in (the multiplicative group of nonzero elements of) the underlying finite field. Thus keys in elliptic curve cryptography can be chosen to be much shorter for a comparable level of security. (*See:* cryptographic key length)

As for other popular public key cryptosystems, no mathematical proof of difficulty has been published for ECC as of 2006. However, the U.S. National Security Agency has endorsed ECC technology by including it in its Suite B set of recommended algorithms. Although the RSA patent has expired, there are patents in force covering some aspects of ECC.