As websites continue to add features and connect with social networking applications, securing web communications has become increasingly important. This is where secure HTTP, or HTTPS, comes in, which uses encryption to secure web traffic against hackers.

Google has stated that they prioritize sites that support HTTPS in their search results, and an increasing number of users expect to see HTTPS in their address bars.

Services like Secure Site Pro, other DigiCert SSL certificates or Sectigo SSL certificates allow websites to provide this valuable feature.

HTTPS encryption is accomplished using an algorithm. RSA is the industry standard, but elliptic curve cryptography, or ECC, is becoming increasingly widely used.

The history of ECC begins in 1985, when Victor Miller and Neal Koblitz each independently suggested elliptic curves for cryptography. ECC started to gain widespread support in 2004, and in 2009, the National Institute of Standards and Technology recommended 15 curves for different security levels.

Differences Between ECC and RSA

Fundamentally, ECC certificates rely on the near impossibility of calculating a multiplicand from an original and final point. RSA, on the other hand, is based on the difficulty of prime factorization. The two algorithms perform differently in specific metrics.

Key Length

ECC certificates offer significantly shorter keys compared to their RSA equivalents. A 256-bit ECC key provides equivalent encryption strength to a 3072-bit RSA key and a 384-bit ECC key is comparable to a 7680-bit RSA key. This leads to lighter network use during SSL handshakes.

Performance

ECC certificates are easier to calculate on the server site, but conversely harder to calculate on the client side. This can improve network performance if the server is the major bottleneck, but can reduce performance if clients are the main source of lag.

Compatibility

RSA is the industry standard for HTTP encryption, so it is supported on many devices. ECC is not supported on all web servers and desktop browsers and is not adequately tested on mobile devices. This can be a significant concern in a time of increasingly diverse user devices.

Obtaining the Right Certificate

Digicert SSL certificate offers 2 of the best and most robust ECC certificate on the market:

Elliptic curve cryptography offers several significant benefits for websites, but it isn’t right for every use case. Whether a website chooses ECC or RSA will depend on which tool offers the most meaningful benefits for that site.