Digital Signature - RSA vs ECDSA
A common way to validate the integrity of data and to authenticate the creator of the data is the use of digital signatures. This is a step up from a simple checksum, which can only be used for integrity checks. For authentication, digital signature algorithms use public key cryptography with a key pair of public and private key. The private key is kept secret by its owner and used to create a digital signature. The public key can be shared and is used to verify that data has been signed with the private key and as such has been created by the private key owner (authentication) and has not been modified afterwards (integrity).
There are two major public key algorithms used for digital signatures: RSA and ECDSA.
What are the differences between RSA and ECDSA? Which algorithm should be used in embedded systems?
Comparison
To better compare key size and performance of different cryptographic algorithms, the level of security for any algorithm and key size can be estimated.
| Security Level | RSA | ECDSA |
|---|---|---|
| 80 bits | 1024 bits | 160 bits |
| 112 bits | 2048 bits | 224 bits |
| 128 bits | 3072 bits | 256 bits |
| 192 bits | 7680 bits | 384 bits |
| 256 bits | 15360 bits | 512 bits |
| RSA | ECDSA | |
|---|---|---|
| Resource Use | ||
| ROM Use | 6 kB | 10 kB |
| RAM Use | 3.0 kB | 3.2 kB |
| Key Store | 1 * Key length | 1 * Key length |
| Signature Store | 1 * Key length | 2 * Key length |
| Verification Performance | ||
| 80 bit | 2.18 ms (1024 bit) | 43.45 ms (P-192) |
| 112 bit | 7.40 ms (2048 bit) | 53.87 ms (P-224) |
| 128 bit | 15.89 ms (3072 bit) | 78.70 ms (P-256) |
| 192 bit | 92.94 ms (8192 bit) | 129.17 ms (P-384) |
| 256 bit | 333.19 ms (16384 bit) | 145.68 ms (P-521) |
As of today, and for at least the next 10 years, the cost of using RSA with
recommended key sizes (1024 - 3072 bit) is lower than its ECDSA equivalent.
When in the future security level requirements rise,
there will be a break even at which it may be more efficient to use ECDSA.
That is for storage requirements at ~160 bit security level (4096 bit RSA)
and for performance at ~200 bit security level (10240 bit RSA).
Notes
All resource use and performance values have been measured with emCrypt, on a Cortex-M7 microcontroller at 200 MHz.
