ECDH Key Exchange

The ECDH (Elliptic Curve Diffieâ€“Hellman Key Exchange) is anonymous key agreement scheme, which allows two parties, each having an elliptic-curve publicâ€“private key pair, to establish a shared secret over an insecure channel. ECDH is very similar to the classical DHKE (Diffieâ€“Hellman Key Exchange) algorithm, but it uses ECC point multiplication instead of modular exponentiations. ECDH is based on the following property of EC points:

(a * G) * b = (b * G) * a

If we have two secret numbers a and b (two private keys, belonging to Alice and Bob) and an ECC elliptic curve with generator point G, we can exchange over an insecure channel the values (a * G) and (b * G) (the public keys of Alice and Bob) and then we can derive a shared secret: secret = (a * G) * b = (b * G) * a. Pretty simple. The above equation takes the following form:

alicePubKey * bobPrivKey = bobPubKey * alicePrivKey = secret

The ECDH algorithm (Elliptic Curve Diffieâ€“Hellman Key Exchange) is trivial:

1.

Alice generates a random ECC key pair: {alicePrivKey, alicePubKey = alicePrivKey * G}

2.

Bob generates a random ECC key pair: {bobPrivKey, bobPubKey = bobPrivKey * G}

3.

Alice and Bob exchange their public keys through the insecure channel (e.g. over Internet)

4.

Alice calculates sharedKey = bobPubKey * alicePrivKey

5.

Bob calculates sharedKey = alicePubKey * bobPrivKey

6.

Now both Alice and Bob have the same sharedKey == bobPubKey * alicePrivKey == alicePubKey * bobPrivKey

In the next section, we shall implement the ECDH algorithm and demonstrate it with code example.

Last modified 6d ago

Copy link