Elliptic curve cryptography

Elliptic curve cryptography (ECC) is an asymmetric encryption algorithm that uses the math of elliptic curves to create public/private key pairs, achieving the same security as RSA with much smaller keys.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is elliptic curve cryptography?

Elliptic curve cryptography (ECC) is one of the two asymmetric encryption algorithms named in the CED, alongside RSA (EK 5.4.C.1). "Asymmetric" means you use a key pair instead of one shared secret. Each entity generates a public key and a private key at the same time, and they're mathematical inverses of each other. Whatever one key encrypts, only its partner can decrypt (EK 5.4.A.2). That lets two people communicate securely without ever prearranging a shared secret key (EK 5.4.A.1).

The "elliptic curve" part is the math under the hood. Instead of relying on the difficulty of factoring huge prime numbers (that's RSA's trick), ECC relies on a different hard math problem built on points along an elliptic curve. The practical payoff is efficiency: ECC reaches the same security level as RSA using a much shorter key. You can encrypt and decrypt with ECC using the same tools you'd use for any asymmetric algorithm, like OpenSSL on the command line or web-based tools (EK 5.4.C.2).
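
The OpenSSL workflow mentioned above, as an added example (not part of the original study guide): it generates an ECC key pair and a 2048-bit RSA key pair, compares the public key sizes, signs and verifies a message, and derives a shared secret between two ECC key pairs that never prearranged one. The P-256 curve, the labels alice, bob and rsa, and the sample message are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example: ECC vs RSA key pairs with the OpenSSL command line.
# Key labels (alice, bob, rsa) and the P-256 curve are assumptions for this demo.
set -eu

WORK=$(mktemp -d)                 # scratch directory for demo keys
trap 'rm -rf "$WORK"' EXIT

# Generate a private key, then export the matching public key as PEM and DER.
# $1 = label for the file names; remaining arguments go to "openssl genpkey".
make_keypair() {
    name=$1; shift
    openssl genpkey "$@" -out "$WORK/$name.key" 2>/dev/null
    openssl pkey -in "$WORK/$name.key" -pubout -out "$WORK/$name.pub"
    openssl pkey -in "$WORK/$name.key" -pubout -outform DER -out "$WORK/$name.pub.der"
}

# Size in bytes of the DER-encoded public key for a label.
pub_size() { wc -c < "$WORK/$1.pub.der" | tr -d ' '; }

# Sign text ($2) with the private key of $1, then verify with its public key.
# Returns non-zero if verification fails.
sign_and_verify() {
    printf '%s' "$2" > "$WORK/msg.txt"
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/$1.sig" "$WORK/msg.txt"
    openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/$1.sig" "$WORK/msg.txt"
}

# Key agreement (ECDH): combine the private key of $1 with the public key of $2
# and print the resulting shared secret as hex.
derive_secret() {
    openssl pkeyutl -derive -inkey "$WORK/$1.key" -peerkey "$WORK/$2.pub" |
        od -An -tx1 | tr -d ' \n'
}

make_keypair alice -algorithm EC  -pkeyopt ec_paramgen_curve:P-256
make_keypair bob   -algorithm EC  -pkeyopt ec_paramgen_curve:P-256
make_keypair rsa   -algorithm RSA -pkeyopt rsa_keygen_bits:2048

echo "ECC P-256 public key: $(pub_size alice) bytes"
echo "RSA-2048 public key:  $(pub_size rsa) bytes"
sign_and_verify alice "constructed sample message"
echo "alice's view of the secret: $(derive_secret alice bob)"
echo "bob's view of the secret:   $(derive_secret bob alice)"
```

The DER-encoded public keys come out at 91 bytes for P-256 and 294 bytes for RSA-2048, and both sides print the same 32-byte secret even though only public keys were exchanged.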

Why elliptic curve cryptography matters in AP Cybersecurity

ECC lives in Unit 5: Securing Applications and Data, specifically Topic 5.4 Asymmetric Cryptography. It supports three learning objectives at once. You apply it under AP Cybersecurity 5.4.C (apply asymmetric algorithms to encrypt and decrypt), you reason about its key sizes under AP Cybersecurity 5.4.B (why key length affects security), and you decide which key in the pair to use under AP Cybersecurity 5.4.A. The big-picture reason ECC matters: it's the answer whenever a scenario wants strong security but can't afford big keys or slow processing, like on mobile devices or in high-traffic TLS connections.

How elliptic curve cryptography connects across the course

RSA (Unit 5)

RSA and ECC are the two asymmetric algorithms you have to know, and they're the classic compare-and-contrast pair. RSA's security comes from factoring large prime numbers; ECC's comes from elliptic curve math. ECC hits the same security with a smaller key, so if a question rewards efficiency, the answer is usually ECC.

Key length and keyspace (Unit 5)

EK 5.4.B.1 says an n-bit key has a keyspace of 2^n, so longer keys are harder to guess but slower to use. ECC's whole selling point is that it gets a huge effective keyspace from a small key, dodging the speed penalty that comes with longer RSA keys (EK 5.4.B.3).

Digital signatures and certificates (Unit 5)

Asymmetric algorithms like ECC power digital signatures and digital certificates (EK 5.4.C.1). When a certificate authority signs a certificate or a TLS connection is set up, ECC can be the algorithm doing that public/private key work behind the scenes.

Is elliptic curve cryptography on the AP Cybersecurity exam?

On multiple-choice, ECC shows up as the right answer to a needs-based scenario. One practice stem describes an organization that wants "smaller key sizes while maintaining security equivalent to 2048-bit RSA" and the answer is ECC. Another stem describes an algorithm "based on the mathematical difficulty of factoring large prime numbers," which is RSA, not ECC, so read the math description carefully. You should be able to name ECC as an asymmetric algorithm (EK 5.4.C.1), explain why its small keys still give strong security (5.4.B), and identify when to use a public vs. private key (5.4.A). No released FRQ has used the exact term, but the same asymmetric-encryption reasoning supports any free-response prompt about securing data in transit.

Elliptic curve cryptography vs RSA

Both are asymmetric algorithms with public/private key pairs, so it's easy to mix them up. The difference is the underlying math: RSA relies on factoring large primes, ECC relies on elliptic curve math. ECC needs a much smaller key for the same security, which makes "smaller key, equal strength" the giveaway phrase for ECC on the exam.

Key things to remember about elliptic curve cryptography

  • ECC is an asymmetric encryption algorithm, so it uses a public/private key pair, not one shared secret key.

  • ECC's main advantage over RSA is reaching equal security with a much smaller key, which means faster encryption and decryption.

  • RSA's security comes from factoring large primes; ECC's comes from elliptic curve math, so the math description tells you which algorithm a question means.

  • An n-bit key gives a keyspace of 2^n, and ECC squeezes a large effective keyspace out of a short key.

  • ECC supports real-world uses like digital signatures, digital certificates, and TLS, the same applications as other asymmetric algorithms.

Frequently asked questions about elliptic curve cryptography

What is elliptic curve cryptography in AP Cybersecurity?

It's an asymmetric encryption algorithm (abbreviated ECC) named in EK 5.4.C.1 that uses the math of elliptic curves to generate public/private key pairs. Its big feature is delivering the same security as RSA with a much smaller key.

Is ECC more secure than RSA?

Not necessarily more secure, but more efficient at the same security level. ECC can match the strength of a 2048-bit RSA key with a far smaller key, which means faster processing and less overhead, the exact scenario the practice questions reward.

How is ECC different from RSA?

Both are asymmetric with key pairs, but RSA's security rests on factoring large prime numbers while ECC's rests on elliptic curve math. The practical difference: ECC gets equal security from a much smaller key.

Does ECC use a public and private key?

Yes. Like all asymmetric encryption, ECC generates a key pair at the same time, with one designated public and one private (EK 5.4.A.2). The keys are mathematical inverses, so whatever one encrypts, only its partner can decrypt.

What is ECC used for?

Real applications include digital signatures, digital certificates, and securing data in transit through TLS (EK 5.4.C.1). You can perform ECC operations with tools like OpenSSL on the command line or web-based encryption tools (EK 5.4.C.2).
