Comparison of RSA vs elliptical keys

Pete Stephenson pete at
Tue May 12 03:46:24 CEST 2020

On Mon, May 11, 2020, at 5:15 PM, Mark wrote:
> I'm trying to understand the differences in strength between an RSA key
> and an elliptical one such ed25519 with cv25519. I know with RSA it is
> pretty easy to "gauge" the strength 1024 vs 2048 vs 4096. 
> I could not really find anything to say how strong these elliptical keys
> are and how they compare to RSA ones. 

Good question! Broadly, and with several assumptions, elliptic curves have the same security level as symmetric (e.g., AES) keys that are half the elliptic key's length. See and the references therein as a starting point. 

For example, a 256 bit elliptic curve key has a similar strength to a symmetric key of 128 bits.

Due to various reasons, not all ECC keys are powers of 2 in length. For example, NIST P-521 is 521 bits long rather than 512 bits, and has equivalent security to a 256 bit symmetric key. 


Pete Stephenson

More information about the Gnupg-users mailing list