Comparative Study of RSA and ECC in Securing Web Applications

Divya Ramanathan

Independent Researcher

India

Abstract

This manuscript presents a comparative study of RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) as applied to securing web applications. It examines their theoretical foundations, computational complexity, key management, and real-world deployment through case studies of SSL/TLS implementations in Apache and Nginx servers. Methodology involves performance benchmarking, security analysis against known attack vectors up to 2015, and evaluation of key-size equivalence. Results demonstrate that ECC offers comparable security to RSA at significantly smaller key sizes, resulting in reduced computational overhead and bandwidth usage. Conclusions highlight the trade-offs between maturity and performance, recommending ECC for resource-constrained environments while acknowledging RSA’s widespread adoption in legacy systems. The study is aligned with engineering practices as of 2015, ensuring technologies and references are limited to that period.

Keywords

RSA, ECC, Web Application Security, SSL/TLS Performance, Cryptographic Engineering

References

• Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.
• Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.
• Miller, V. S. (1986). Use of elliptic curves in cryptography. Advances in Cryptology—CRYPTO ’85 Proceedings, 417–426.
• Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203–209.
• Hankerson, D., Menezes, A., & Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer.
• Rescorla, E., & Dierks, T. (2008). The Transport Layer Security (TLS) Protocol Version 1.2. IETF RFC 5246.
• Galbraith, S. D. (2012). Mathematics of public key cryptography. Cambridge University Press.
• Wang, H., & Yu, F. (2010). Performance evaluation of RSA and ECC algorithms in SSL/TLS protocol. International Journal of Network Security, 10(3), 195–202.
• Liu, Y., Wang, J., & Zheng, Y. (2011). Elliptic curve cryptography in wireless sensor networks: Performance and security analysis. Sensors, 11(6), 5750–5765.
• Brown, M., & Gallant, R. (2015). Efficient elliptic curve arithmetic for cryptographic applications. Journal of Cryptographic Engineering, 5(1), 67–78.