ECC is based on some very deep math involving elliptic curves in a finite field. It relies on the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP) in much the same way that RSA depends on the difficulty of factoring the product of two large primes. The best known method for solving ECDLP is fully exponential, whereas the number field sieve (for factoring) is sub-exponential. This allows ECC to use drastically smaller keys to provide the equivalent security; a 160-bit ECC key is equivalent to a 1024-bit RSA key.
As always though, there are the problems of patents..
The wild card in the ECC patent arena seems to be Certicom which claims a large number of ECC patents and has not made a clear statement of its intentions with regard to open source implementations. The NSA licensed Certicom’s patents for $25 million to allow them and their suppliers to use ECC, lending some credence to at least some of the Certicom patents. Other companies also have patents on various pieces of ECC technology.
Be interesting to see what happens..