ECC
CryptographyElliptic Curve Cryptography -- public-key cryptography based on elliptic curves over finite fields, offering equivalent security to RSA with much shorter key lengths (e.g., P-256 vs RSA-3072), favored in constrained smart card environments.
What Is ECC?
Elliptic Curve Cryptography (ECCECCCryptographyEfficient public-key cryptography using elliptic curves.Click to view →) is a public-key cryptographic system based on the algebraic structure of elliptic curves over finite fields. ECC provides the same security guarantees as RSA -- digital signatures, key agreement, and encryption -- but with dramatically shorter key lengths, making it the preferred asymmetric algorithm for modern smart card platforms where EEPROM storage, processing power, and transaction time are constrained.
A 256-bit ECC key provides security equivalent to a 3072-bit RSARSACryptographyPublic-key algorithm for smart card signatures and key exchange.Click to view → key, enabling faster operations, smaller certificates, and lower power consumption on contactless cards powered by RF energy harvesting.
ECC Algorithms on Smart Cards
| Algorithm | Standard | Smart Card Usage |
|---|---|---|
| ECDSA | FIPS 186-5 | Digital signatures (ePassport, eID, PIV) |
| ECDH | NIST SP 800-56A | Key agreement (PACE, Chip Authentication) |
| ECKA | GSMA SGP.22 | eUICCeUICCProvisioningReprogrammable SIMSIMApplicationSmart card for mobile network authentication.Click to view → chip supporting remote profile switching.Click to view → profile delivery key agreement |
| EdDSA (Ed25519) | RFC 8032 | FIDO2 security keys |
Named Curves
Smart card standards specify particular named curves:
| Curve | Key Size | Used By |
|---|---|---|
| P-256 (secp256r1) | 256-bit | PIV, FIDO2, EMVEMVApplicationGlobal chip payment card standard.Click to view →, eID |
| P-384 (secp384r1) | 384-bit | High-assurance government cards, FIPS 201 |
| P-521 (secp521r1) | 521-bit | Specialized high-security applications |
| brainpoolP256r1 | 256-bit | European eID, German nPA |
| Curve25519 | 255-bit | FIDO2FIDO2StandardPasswordless authentication standard.Click to view →, modern security keys |
Hardware Implementation
Modern smart card crypto coprocessors include dedicated ECC accelerators that perform point multiplication in 30-100 ms for P-256, compared to 50-200 ms for RSA-2048. For contactless transactions where the card is powered by the RF field for less than 500 ms, this performance difference is often decisive.
Migration from RSA to ECC
The smart card industry is systematically migrating from RSA to ECC:
- ePassport -- ICAO 9303ICAO 9303ComplianceICAO standard for ePassport chip data and security protocols.Click to view → now mandates ECDSA for Active Authentication in new documents.
- EMV -- EMVCoEMVCoStandardBody managing EMV payment standards.Click to view → is transitioning from RSA-based SDA/DDA to ECC-based CDA for next-generation payment cards.
- GlobalPlatform -- SCP03SCP03SoftwareAESAESCryptographyNIST symmetric block cipher for smart card encryption.Click to view →-based secure channel protocol.Click to view → already uses AES for symmetric operations; SCP11 adds ECC-based key agreement for mutual authentication.
- Government cards -- NIST SP 800-78-5 for PIV allows ECC P-256 and P-384 alongside RSA.
The migration driver is not just performance -- ECC's shorter key and signature sizes reduce certificate storage requirements on cards with limited EEPROM, enabling more applications on multi-application platforms managed by GlobalPlatform.
Related Content
Smart Card Fundamentals
Getting Started…counters, data Crypto acceleration Crypto coprocessor RSA, ECC, AES offload I/O Contact pad / RF antenna Communicate with…
FIDO2 and Smart Cards
Standards & ProtocolsPKI on Smart Cards
Standards & Protocols…Response: 7F 49 ... (public key in TLV) SW1 SW2: 90 00 For ECC P-256 (ALG=06): Command: 00 47 00 9A 05 AC 03 80 01 06 00…
Smart Card Cryptography
Security…specific card families. Asymmetric Algorithms — RSA and ECC Asymmetric cryptography on smart cards serves key…
Side-Channel Attacks and Countermeasures
Security…randomisation (randomised projective coordinates for ECC) SPA, DPA ~10% time Higher-order masking — splitting a…
TEE vs Secure Element
Security…caches - Rowhammer against Secure World memory if DRAM ECC is absent - Malicious Normal World hypervisor downgrading…
Post-Quantum Cryptography for Smart Cards
Security…and lattice operations require more RAM than typical ECC. Classical vs. PQC Key Sizes Algorithm Type Public Key…
OpenSC and Open-Source Smart Card Tools
Programming…card-coolkey Red Hat / Fedora CoolKey card-iasecc IAS-ECC (French national eID) OpenSC in the Browser Browsers…
常见问题
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.