Lately, I’ve been learning quite a bit about Elliptic Curve Cryptography (ECC), an approach to public key cryptography that offers the same security as RSA with much smaller keys. For example, NIST recommends an RSA key of at least 2048 bits if you want to secure information through 2030. With ECC, the same (112-bit) security level can be obtained with a 224-bit key.

As a public key method, ECC lets two parties communicate securely without first sharing a secret key. Instead, each party has a *public key* that can be freely shared, and a *private key* known only to that party. Once the keys are generated and the public keys are exchanged, ECC can be used for two basic tasks:

**Secret agreement.** Two parties can use the ECDH (Elliptic Curve Diffie-Hellman) algorithm to agree on a shared secret (such as an AES key) that a passive eavesdropper cannot learn. ECDH by itself does not stop an active attacker who swaps public keys in transit, so the public keys must be authenticated (with signatures or certificates) before the agreed key can be trusted. The shared secret can then be used with a fast symmetric cipher to communicate directly.

**Digital signatures.** One party signs a message with its private key, and anyone holding the matching public key can verify that the signature was produced by the holder of that private key and that the message has not been altered since. The standard algorithm for this is ECDSA. Signatures therefore provide both the authenticity and the integrity of messages.

ECC has been recently added to OpenSSL, and incorporates some very interesting mathematics. If you have an interest in public key cryptography, I definitely recommend learning about it. A good place to start reading is Handbook of Elliptic and Hyperelliptic Curve Cryptography, but there are also many references available online.