Why ECC? 
WHY ECC
The Need For Authentication
The ability requirement to send secure, verifiable messages to all parts of The Smart Grid and its millions of smart meters in order to control the flow of electricity is one of the factors that makes this new grid unique. This ability rests on having a confidential identification system between the transmitter of the messages and the receivers. False messages when acted upon could have devastating results in terms of grid security. This requirement is met by the ability of securely identifying entities in the system and authenticating messages and actions of these entities.
The Symmetric System of Identification
Symmetric Key Management utilizes a key that is common shared to allamong one or more meters and the head-end. Both parties in an exchange use the symmetric key for authentication using message authentication codes.and signature generation. Because all parties sharing the key have the ability to create these message authentication codessignatures are common, there is no often no way of verifying which party signed is responsible for a given message, further there is no way for a third party to validate a claim of authenticity.. In the case where the key is shared among a set of meters addition, if one device is a compromise of a single meter leads to a compromise of the entire set of meters. d the entire network is compromised.
Even wWhen each meter in the symmetric-key system has a different key, the head-end needs to maintain a confidential list of all keys. This results in decreased security as there are two copies of each key.This consolidation of cryptographic material creates its own security problems and is a single point of failure for the entire system. Symmetric-key systems using derived keys are similarly susceptible.
The Asymmetric System of Identification
With Asymmetric Key Management use key pairs, a “private key” and a “public key.”, keys are generated in pairs. The "private key" is only known to one entity, where the public key can be widely distributed., . For instance, athe utility, which uses it tcano sign messages that can be verified by all receiving meters using the corresponding "public key". All demand response messages from the utility head end are can be authenticated as coming from the utility.
In asymmetric authentication systems, only one party knows the private key. Any number may know the public key, but since the it is computationally infeasible to derive the private key cannot be derived from the public key, the signature serves as a unique identifier.
Asymmetric Approaches - RSA vs. ECC
ECC is eclipsing RSA in the arena of asymmetric public-key infrastructure. It is recommended for new systems requiring security past 2010 A recommended RSA key sizes above 2,048-bits are for most applications is 2,048 bitsused. For equivalent security using ECC, you need a key of only 224 bits. When sSecurity levels increase, as hardware gets faster to keep pace with computational power, and the recommended key sizes must be also increased, a 384 -bit ECC key matches is equivalent to a 7680-bit RSA key for security. Unlike RSA’s exponential key growth ECC key sizes grow linearly to the security level required.
Smaller ECC keys mean the cryptographic operations performed by the communicating devices can be squeezed into considerably smaller hardware, software applications complete cryptographic operations with fewer processor cycles, and operations can be performed faster, while still guaranteeing equivalent security. Additionally, messages utilizing public-key cryptography, such as certificates or digital signatures are smaller and require less bandwidth critical to RF networks.
This means, in turn, less heat, less power consumption, less real estate consumed on the printed circuit board, and software applications that run more rapidly and make lower memory demands. These characteristics lead to more portable devices, which run longer, and produce less heat.
ECC is the obvious choice for Smart Grid Security.