Elliptic curve Diffie–Hellman

最新推荐文章于 2024-03-23 14:01:14 发布

雜貨鋪老闆

最新推荐文章于 2024-03-23 14:01:14 发布

阅读量2.4k

点赞数 1

分类专栏：网络安全

网络安全专栏收录该内容

43 篇文章 0 订阅

订阅专栏

原文地址：https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman

Elliptic curve Diffie–Hellman

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel.^[1]^[2]^[3] This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.

Key establishment protocol

Suppose Alice wants to establish a shared key with Bob, but the only channel available for them may be eavesdropped by a third party. Initially, the domain parameters (that is, $(p,a,b,G,n,h)$ in the prime case or $(m,f(x),a,b,G,n,h)$ in the binary case) must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key $d$ (a randomly selected integer in the interval $[1, n-1]$ ) and a public key $Q$ (where $Q = d G$ ). Let Alice's key pair be $(d_A, Q_A)$ and Bob's key pair be $(d_B, Q_B)$ . Each party must have the other party's public key (an exchange must occur).

Alice computes $(x_k, y_k) = d_A Q_B$ . Bob computes $(x_k, y_k) = d_B Q_A$ . The shared secret is $x_k$ (the x coordinate of the point). Most standardized protocols based on ECDH derived a symmetric key from $x_k$ using some hash-based key derivation function.

The shared secret calculated by both parties is equal, because $d_A Q_B = d_A d_B G = d_B d_A G = d_B Q_A$ .

The only information about her private key that Alice initially exposes is her public key. So, no party other than Alice can determine Alice's private key, unless that party can solve the elliptic curve Discrete Logarithm problem. Bob's private key is similarly secure. No party other than Alice or Bob can compute the shared secret, unless that party can solve the elliptic curve Diffie-Hellman problem.

The public keys are either static (and trusted, say via a certificate) or ephemeral. Ephemeral keys are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means. Authentication is necessary to avoid Man in the Middle attacks. If one of Alice or Bob's public key is static then Man in the Middle attacks are thwarted. Static public keys provide neither forward secrecy nor key-compromise impersonation resilience, among other advanced security properties. Holders of static private keys should validate the other public key, and should apply a secure key derivation function to the raw Diffie–Hellman shared secret to avoid leaking information about the static private key. For schemes with more advanced security properties, see ECMQV and FHMQV.

While the shared secret may be used directly as a key, it is often desirable to hash the secret to remove weak bits due to the Diffie-Hellman exchange.^[4]

References

^ NIST, Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

, March, 2006.
^ Certicom Research, Standards for efficient cryptography, SEC 1: Elliptic Curve Cryptography

, Version 1.0, September 20, 2000.
^ NSA Suite B Cryptography, Suite B Implementers' Guide to NIST SP 800-56A

, July 28, 2009.
^ Law, Laurie; Menezes, Alfred; Qu, Minghua; Solinas, Jerry; Vanstone, Scott (August 28, 1998). An Efficient Protocol for Authenticated Key Agreement

. Certicom. Retrieved January 19, 2012.

v t e Public-key cryptography

Algorithms	Benaloh Blum–Goldwasser Cayley–Purser CEILIDH Cramer–Shoup Damgård–Jurik DH DSA EPOC ECDH ECDSA EKE ElGamal signature scheme GMR Goldwasser–Micali HFE IES Lamport McEliece Merkle–Hellman MQV Naccache–Stern NTRUEncrypt NTRUSign Paillier Rabin RSA Okamoto–Uchiyama Schnorr Schmidt–Samoa SPEKE SRP STS Three-pass protocol XTR

Theory	Discrete logarithm Elliptic curve cryptography RSA problem

Standardization	ANS X9F1 CRYPTREC IEEE P1363 NESSIE NSA Suite B

Topics	Digital signature OAEP Fingerprint PKI Web of trust Key size

v t e Cryptography

History of cryptography Cryptanalysis Cryptography portal Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

雜貨鋪老闆

关注

1
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
Elliptic curve Diffie–Hellman

原文地址：https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman Elliptic curve Diffie–HellmanFrom Wikipedia, the free encyclopediaJump to: navigation, search Elliptic curv
复制链接

扫一扫