Elliptic-curve Diffie–Hellman

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 110.70.56.149 (talk) at 21:25, 17 February 2022. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel.[1][2][3] This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography.

Most standardized protocols based on ECDH derive a symmetric key from using some hash-based key derivation function.
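The key agreement and hash-based key derivation described above, as an added example that is not part of the original article: each side validates the peer's public key, computes the shared point, and feeds its x-coordinate to a KDF. The choice of NIST P-256 and HKDF-SHA256, and all function names, are assumptions made for this illustration; the arithmetic is not constant-time and is meant for study, not deployment.

```python
import hashlib, hmac, secrets
# NIST P-256: y^2 = x^3 + A*x + B over GF(P); base point G has prime order N.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        m = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, p):  # double-and-add; NOT constant-time, illustration only
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def validate(q):  # reject peer keys that are not valid points on the curve
    if q is None:
        raise ValueError("public key is the point at infinity")
    x, y = q
    if not (0 <= x < P and 0 <= y < P) or (y * y - x * x * x - A * x - B) % P:
        raise ValueError("public key is not a point on P-256")

def keypair():
    d = secrets.randbelow(N - 1) + 1  # private scalar in [1, N-1]
    return d, mul(d, G)

def hkdf_sha256(ikm, info, salt=b"\x00" * 32):  # RFC 5869, one 32-byte output block
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def derive_key(priv, peer_pub, info=b"example ecdh session key"):
    validate(peer_pub)  # check the peer's point before using the private key on it
    x_shared, _ = mul(priv, peer_pub)  # shared point; only x is used
    return hkdf_sha256(x_shared.to_bytes(32, "big"), info)
```

Because P-256 has cofactor 1, the range and on-curve checks in `validate` are sufficient to place the peer's point in the correct group; curves with a larger cofactor need an additional subgroup check.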

The shared secret calculated by bothprivate keys should validate the other public key, and should apply a secure to the raw Diffie–Hellman shared secret to avoid leaking information, s.

If Alice maliciously chooses invalid curve points fo

While the shared secret may be used directly as a key, it can be desirable

Software

See also

References

  1. NIST, Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, March 2006.
  2. Certicom Research, Standards for efficient cryptography, SEC 1: Elliptic Curve Cryptography, Version 2.0, May 21, 2009.
  3. NSA Suite B Cryptography, Suite B Implementers' Guide to NIST SP 800-56A (archived 2016-03-06 at the Wayback Machine), July 28, 2009.
  4. JI (13 October 2015). "New generation of safe messaging: 'Letter Sealing'". LINE Engineers' Blog. LINE Corporation. Retrieved 5 February 2018.