If however, you know the number of hops you can use an exponentiation trick to find the ending point quite quickly. For example, and omitting the details of elliptic curve operations: 2P = P dot P and then 4P = 2P dot 2P. This allows you to get up to those crazy high calculations exponentially faster.
===
One big difficulty in ECC vs RSA is how to do the math required for the operations. With RSA choosing the keys is the part where dragons lie and you need to make sure the numbers chosen satisfy various criteria. The algorithms for working with keys in RSA are well defined. The opposite is true for ECC. It is easier to choose numbers but depending on the curve used as well as how it is implemented there can be information leaked about the key in timings and other behavior.
If you want to read more check out the Wikipedia article on the Montgomery Ladder ( https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplic...) as well as DJB's comparison chart of curves that don't support the Montgomery Lader: https://safecurves.cr.yp.to/ladder.html . The real kicker here is that the NIST P-### curves are what ends up in official US government requirements.. and they are vulnerable to side channel attacks due to their design.
===
If however, you know the number of hops you can use an exponentiation trick to find the ending point quite quickly. For example, and omitting the details of elliptic curve operations: 2P = P dot P and then 4P = 2P dot 2P. This allows you to get up to those crazy high calculations exponentially faster.
===
One big difficulty in ECC vs RSA is how to do the math required for the operations. With RSA choosing the keys is the part where dragons lie and you need to make sure the numbers chosen satisfy various criteria. The algorithms for working with keys in RSA are well defined. The opposite is true for ECC. It is easier to choose numbers but depending on the curve used as well as how it is implemented there can be information leaked about the key in timings and other behavior.
If you want to read more check out the Wikipedia article on the Montgomery Ladder ( https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplic...) as well as DJB's comparison chart of curves that don't support the Montgomery Lader: https://safecurves.cr.yp.to/ladder.html . The real kicker here is that the NIST P-### curves are what ends up in official US government requirements.. and they are vulnerable to side channel attacks due to their design.