[hannob]

Let's just put it like this: Most "simple" explanations of RSA are wrong.

The "advantage" of ECC is that there are no "simple" explanations of ECC, because there's no comic version of ECC that is insecure and easy to explain. For RSA, such an insecure comic version exists. However, I never found that a very convincing argument against RSA.

[jameswryan]

The Discrete Log Problem is relatively simple to explain in the context of a generic group. It's sort of intuitive that elliptic curve groups are a pretty good instance of a generic group. So I don't think it is simpler to explain the security of RSA than the security of ECC.

Additionally, the best attack on ECDLP (Pollard's rho) is much easier to understand than the best attack on RSA (the number field sieve).

[littlestymaar]

> Additionally, the best attack on ECDLP (Pollard's rho) is much easier to understand than the best attack on RSA (the number field sieve).

Only if RSA is implemented properly. Naive textbook RSA implementations are very vulnerable[1]

[1]: https://sci-hub.st/https://link.springer.com/chapter/10.1007...