Internet security standards such as SSL and IPsec rely on public-key cryptosystems for scalable key management. Elliptic Curve Cryptography (ECC) is a new kind of public-key cryptosystem. Compared to its traditional counterparts (RSA, DSA and Diffie-Hellman), it provides equivalent security using much smaller key sizes. This results in faster cryptographic computations and greater efficiency in terms of memory and power usage. Not only does ECC lower the capability threshold for constrained devices to perform strong cryptography, it also increases the capacity of more capable devices, like servers, to handle secure connections. Most importantly, the performance advantage of ECC over competing technologies increases as security requirements increase.

As the Internet continues its explosive growth and extends its reach beyond mobile phones and PDAs to smaller devices such as sensors and RFID tags, ECC is emerging as an attractive cryptosystem for these constrained environments.

While the basic elements of this technology have been standardized by NIST, ANSI and IEEE, challenges remain in ensuring its pervasive deployment. The early adoption phase of any new network technology encounters a catch-22 situation where device manufacturers hesitate to implement a technology until there are enough other devices that can take advantage of it. This paper reports on our efforts to address this challenge by (i) promoting standardization of ECC in SSL, the dominant security protocol used on the Internet, and (ii) integrating ECC capabilities into OpenSSL and NSS/Mozilla the two most popular open source implementations of SSL on web clients and servers, respectively.