[Cryptography] Why is ECC secure?

[Kristian Gjøsteen]

29. mai 2015 kl. 21.26 skrev Bill Cox <waywardgeek at gmail.com>:
> 
> From Wikipedia: "As is the case for other popular public key cryptosystems, no mathematical proof of security has been published for ECC as of 2009."
> 
> Why do we believe this is secure, other than the fact that in EEC's short life, no one has cracked it?  Compared to DLP and integer factorization, I doubt many people have tried.

There’s no proof of security, but those who pay attention to these things know that since 1985, there has been a significant amount of work on ECDLP and related problems. For some special cases, there has been significant progress (typically reducing the problem to a DLOG problem in some other group where better algorithms exist), but for non-special curves over prime fields, there has been essentially zero progress. Compare this to factoring and DLP where there has been significant progress since 1977.

Note also that «closeness» isn’t very relevant for ECDLP. For instance, you can «smoothly» deform an elliptic curve into a singular cubic curve where DLOG is trivial.

-- 
Kristian Gjøsteen