Elliptic Curve Integrated Encryption Scheme

The integrated encryption scheme (ECIES) is a hybrid encryption method , the elliptic curves are based. As a hybrid process , it combines an asymmetrical process , which is used to send a symmetrical key, with a symmetrical encryption process , which encrypts the message with this symmetrical key. In the Random Oracle model, ECIES is secure against chosen ciphertext attacks .

Establishing the scheme

The following resources are required:

KDF ( Key Derivation Function ): a cryptographic hash function that can generate keys of any length
MAC ( Message Authentication Code )
A symmetrical encryption method with an encryption algorithm and a decryption algorithm ${\ displaystyle E}$ ${\ displaystyle D}$

System parameters

${\ displaystyle \ mathbb {F} _ {p}}$ , Prime number ${\ displaystyle p}$
Elliptic curve E: above the body ${\ displaystyle Y ^ {2} = X ^ {3} + aX + b}$ ${\ displaystyle \ mathbb {F} _ {p}}$
${\ displaystyle P \ in E (\ mathbb {F} _ {p})}$ with prim ${\ displaystyle ord (P) = n}$
${\ displaystyle h = {\ frac {\ mid E (\ mathbb {F} _ {p}) \ mid} {n}}}$

Key generation

A participant chooses a secret key at random and calculates his public key from it . ${\ displaystyle A}$ ${\ displaystyle d_ {A} \ in \ {1, ..., n-1 \}}$ ${\ displaystyle EK_ {A} = d_ {A} P}$

Encryption

To encrypt a message with a public key , a Diffie-Hellman key exchange is combined in an elliptical curve with a symmetrical method. ${\ displaystyle m \ in \ {0.1 \} ^ {*}}$ ${\ displaystyle EK_ {A}}$

Pick a random number ${\ displaystyle k \ in \ {1, ..., n-1 \}}$
Calculate and ${\ displaystyle R = kP}$ ${\ displaystyle Z = hk \ cdot EK_ {A}}$
Find the symmetric keys . is the x-coordinate of ${\ displaystyle k_ {1} || k_ {2} = KDF (Z_ {x})}$ ${\ displaystyle Z_ {x}}$ ${\ displaystyle Z}$
Calculate and ${\ displaystyle C = E_ {k_ {1}} (m)}$ ${\ displaystyle T = MAC_ {k_ {2}} (C)}$
send ${\ displaystyle (R, C, T)}$

Decryption

In order to decrypt a cipher with a secret key , the following steps are carried out. ${\ displaystyle (R, C, T)}$ ${\ displaystyle d_ {A}}$

Calculate ${\ displaystyle Z = hd_ {A} R}$
Determine the two keys ${\ displaystyle k_ {1} || k_ {2} = KDF (Z_ {x})}$
Check if is ${\ displaystyle T = MAC_ {k_ {2}} (C)}$
Get ${\ displaystyle m = D_ {k_ {1}} (C)}$

Conclusion

ECIES works correctly if it is calculated correctly. There is, this is validated. ${\ displaystyle Z}$ ${\ displaystyle hd_ {A} R = hk \ cdot EK_ {A} = hd_ {A} kP}$

swell

Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone: Handbook of Applied Cryptography . CRC Press, ISBN 0-8493-8523-7 ( uwaterloo.ca ).
Victor Shoup: A proposal for an ISO standard for public key encryption , Version 2.1, December 20, 2001 (PDF, 384 kB).