Elliptic Curve Cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosys- tems (RSA, DSA, DH). ECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth sav- ings. While these characteristics make ECC especially ap- pealing for mobile devices, they can also alleviate the com- putational burden on secure web servers.
This article studies the performance impact of using ECC with SSL, the dominant Internet security protocol. We cre- ated an ECC-enhanced version of OpenSSL and used it to benchmark the Apache web server. Our results show that, under realistic workloads, an Apache web server can han- dle 13%–31% more HTTPS requests per second when using ECC-160 rather than RSA-1024 reflecting short-term secu- rity levels. At security levels necessary to protect data be- yond 2010, the use of ECC-224 over RSA-2048 improves server performance by 120%–279%.