ECDH Key Exchange - Examples
Now let's implement the ECDH algorithm (Elliptic Curve Diffie–Hellman Key Exchange) in Python.
We shall use the tinyec library for ECC in Python:
```bash
pip install tinyec
```
Now, let's generate two public-private key pairs, exchange the public keys and calculate the shared secret:
```python
from tinyec import registry
import secrets

def compress(pubKey):
    # Compressed point encoding: the x coordinate followed by one hex digit
    # carrying the parity of y (enough to recover the full point later)
    return hex(pubKey.x) + hex(pubKey.y % 2)[2:]

curve = registry.get_curve('brainpoolP256r1')

# Private keys must lie in [1, n-1]; randbelow(n - 1) + 1 never yields 0
alicePrivKey = 1 + secrets.randbelow(curve.field.n - 1)
alicePubKey = alicePrivKey * curve.g
print("Alice public key:", compress(alicePubKey))

bobPrivKey = 1 + secrets.randbelow(curve.field.n - 1)
bobPubKey = bobPrivKey * curve.g
print("Bob public key:", compress(bobPubKey))

print("Now exchange the public keys (e.g. through Internet)")

# Each side multiplies the other's public point by its own private scalar
aliceSharedKey = alicePrivKey * bobPubKey
print("Alice shared key:", compress(aliceSharedKey))

bobSharedKey = bobPrivKey * alicePubKey
print("Bob shared key:", compress(bobSharedKey))

# a * (b * G) == b * (a * G), so both sides arrive at the same point
print("Equal shared keys:", aliceSharedKey == bobSharedKey)
```
The elliptic curve used for the ECDH calculations is the 256-bit named curve brainpoolP256r1. The private keys are 256-bit (64 hex digits) and are generated randomly. The public keys will be 257 bits (65 hex digits), due to key compression.
The output of the above code looks like this:
```
Alice public key: 0x66c808e6b5be6d6620934bc6ffa2b8b47f9786c002bfb06d53a0c27535641a5d1
Bob public key: 0x7d15195432d1ac7f38aeb054d07d9b2e1faa913b78ad04d5efdd4a1ee8d9a3191
Now exchange the public keys (e.g. through Internet)
Alice shared key: 0x90f5a1cf2ed1dbb0322178df6bb0dd72c541884618b2989a3e5e663198667a621
Bob shared key: 0x90f5a1cf2ed1dbb0322178df6bb0dd72c541884618b2989a3e5e663198667a621
Equal shared keys: True
```
Because the private keys are random, each run of the above code produces different keys, but the shared secret calculated by Alice and Bob at the end will always be the same. The generated shared secret is a 257-bit integer (compressed EC point for a 256-bit curve, encoded as 65 hex digits).