ECDH has smaller keys. youtu.be/gAtBM06xwaw?t=634 mentions some interesting downsides:
- bad curves exist, while in the modular case, any number seems to work well. TODO why?
- TODO can't find this mentioned anywhere else: Diffie-Hellman key exchange has a proof that there is no algorithm, ECDH doesn't. Which proof?
This is the discrete logarithm problem where the group is a cyclic group.
In this case, the problem becomes equivalent to reversing modular exponentiation.
This computational problem forms the basis for Diffie-Hellman key exchange, because modular exponentiation can be efficiently computed, but no known way exists to efficiently compute the reverse function.
The algorithm is completely analogous to Diffie-Hellman key exchange in that you efficiently raise a number to a power times and send the result over while keeping as private key.
The only difference is that a different group is used: instead of using the cyclic group, we use the elliptic curve group of an elliptic curve over a finite field.
Variant of Diffie-Hellman key exchange based on elliptic curve cryptography.
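The analogy described above, as an added example that is not from the original page: one exchange routine run first over the integers modulo a prime and then over an elliptic curve group. The parameters (p = 23, g = 5, the curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1)) and all function names are assumptions chosen for illustration, and are far too small for real use.

```python
# Added example with toy parameters (assumptions, not from the page).

def power(op, identity, base, n):
    """Apply group operation `op` to `base` n times (square-and-multiply)."""
    result = identity
    while n > 0:
        if n & 1:
            result = op(result, base)
        base = op(base, base)
        n >>= 1
    return result

# Group 1: multiplication modulo a prime (classic Diffie-Hellman).
P_MOD, G_MOD = 23, 5

def mod_mul(x, y):
    return (x * y) % P_MOD

# Group 2: points on y^2 = x^3 + A_EC*x + 2 over F_17; None is the identity.
P_EC, A_EC, G_EC = 17, 2, (5, 1)

def ec_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_EC == 0:
        return None  # P + (-P) is the identity (point at infinity)
    if p1 == p2:     # tangent slope for doubling
        lam = (3 * x1 * x1 + A_EC) * pow((2 * y1) % P_EC, -1, P_EC)
    else:            # chord slope for distinct points
        lam = (y2 - y1) * pow((x2 - x1) % P_EC, -1, P_EC)
    x3 = (lam * lam - x1 - x2) % P_EC
    return (x3, (lam * (x1 - x3) - y1) % P_EC)

def exchange(op, identity, generator, a, b):
    """Return (Alice's public value, Bob's public value, Alice's secret, Bob's secret)."""
    pub_a = power(op, identity, generator, a)  # sent over the wire
    pub_b = power(op, identity, generator, b)  # sent over the wire
    # Each side combines its own private exponent with the other's public value.
    return pub_a, pub_b, power(op, identity, pub_b, a), power(op, identity, pub_a, b)

if __name__ == "__main__":
    print("DH  :", exchange(mod_mul, 1, G_MOD, 4, 3))
    print("ECDH:", exchange(ec_add, None, G_EC, 3, 7))
```

Only `op`, the identity element and the generator change between the two calls; the private exponents never leave their owner in either case.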
This is a natural question because both integer factorization and discrete logarithm are the basis for the most popular public-key cryptography systems as of 2020 (RSA and Diffie-Hellman key exchange respectively), and both are NP-intermediate. Why not use something more provably hard?
- cs.stackexchange.com/questions/356/why-hasnt-there-been-an-encryption-algorithm-that-is-based-on-the-known-np-hard "Why hasn't there been an encryption algorithm that is based on the known NP-Hard problems?"
RSA and Diffie-Hellman key exchange are the dominant public-key cryptography systems as of 2020, so it is natural to ask how they compare:
- security.stackexchange.com/questions/35471/is-there-any-particular-reason-to-use-diffie-hellman-over-rsa-for-key-exchange
- crypto.stackexchange.com/questions/2867/whats-the-fundamental-difference-between-diffie-hellman-and-rsa
- crypto.stackexchange.com/questions/797/is-diffie-hellman-mathematically-the-same-as-rsa
As its name indicates, Diffie-Hellman key exchange is a key exchange algorithm. TODO verify: this means that in order to transmit a message, both parties must first send data to one another to reach a shared secret key. For RSA, on the other hand, you can just take the public key of the other party and send encrypted data to them; the receiver does not need to send you any data at any point.