ECDH Key Exchange

The **ECDH** (Elliptic Curve Diffie–Hellman Key Exchange) is **anonymous key agreement scheme**, which allows two parties, each having an elliptic-curve public–private key pair, to establish a **shared secret** over an insecure channel. **ECDH** is very similar to the classical **DHKE** (Diffie–Hellman Key Exchange) algorithm, but it uses **ECC point multiplication** instead of **modular exponentiations**. ECDH is based on the following property of EC points:

- (
**a***G**) *= (*b***b***G**) **a*

If we have two **secret numbers** *a* and *b* (two **private keys**, belonging to Alice and Bob) and an ECC elliptic curve with generator point **G**, we can exchange over an insecure channel the values (*a* * **G**) and (*b* * **G**) (the **public keys** of Alice and Bob) and then we can derive a shared secret: *secret* = (*a* * **G**) * *b* = (*b* * **G**) * *a*. Pretty simple. The above equation takes the following form:

- alicePubKey * bobPrivKey = bobPubKey * alicePrivKey =
*secret*

The **ECDH** algorithm (Elliptic Curve Diffie–Hellman Key Exchange) is trivial:

- 1.
**Alice**generates a**random**ECC key pair: {**alicePrivKey**,**alicePubKey**= alicePrivKey * G} - 2.
**Bob**generates a**random**ECC key pair: {**bobPrivKey**,**bobPubKey**= bobPrivKey * G} - 3.Alice and Bob
**exchange their public keys**through the insecure channel (e.g. over Internet) - 4.
**Alice**calculates**sharedKey**= bobPubKey * alicePrivKey - 5.
**Bob**calculates**sharedKey**= alicePubKey * bobPrivKey - 6.Now both
**Alice**and**Bob**have the same**sharedKey**== bobPubKey * alicePrivKey == alicePubKey * bobPrivKey

In the next section, we shall implement the ECDH algorithm and demonstrate it with code example.

Last modified 7mo ago

Copy link