[eboyjr]

In this example, an EC private key is made up of 256 bits of "randomness". Nearly every 256-bit number is a valid ECDSA private key.

However, an RSA private key is made of up specific numbers like a modulus, private exponent, etc that contribute to its length. In principle this is all you need. But usually other generation parameters are included that speed up calculations for the Chinese Remainder Theorem.

When it comes to network bandwidth, the number one concern relates to the symmetric algorithm used for message encryption and Message Authentication Coding (MAC) for integrity checking (this is unrelated to the choice of RSA versus ECC). Smaller embedded systems may start sessions more frequently, or the asymmetric authentication may be a larger percentage of the overall traffic and the size of the keys and signatures can make a difference. At the 128-bit security level, public keys and signatures are six-times larger for RSA than for ECC. Private keys are 12-times larger for RSA compared to ECC at the 128-bit security level. The key size generally has no impact on performance, but size matters when it comes to the cost of secure storage of the keys.