How does the elliptic-curve version of Diffie-Hellman cryptography work?
https://stackoverflow.com/questions/2701294
-
01-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Does the Elliptic curve diffie hellman calculation look any different from the standard one defined here:
/*
* The basic Diffie-Hellman Key Agreement Equation
*
* The client initiates
* A = g^a mod p
*
* Sends (g p A) to the server
*
* The server calculates B
* B = g^b mod p
*
* Sends B back to client
*
* The client calculates K
* K = B^a mod p
*
* The server calucaltes K
* K = A^b mod p
*
*/
Or is it just a specific way of selecting g, a, p and b? How are g,a,p and b selected anyway?
Solution
The basic principle is the same, but the selection of the private key and how the public key are computed are significantly different. In addition, everyone has to agree beforehand on the elliptic curve to use.
As noted, in the elliptic-curve version of Diffie-Hellman, you first decide which elliptic curve you're using. That determines a number of independent parameters called the domain parameters. Without getting too technical, it turns out that some curves are better than others for cryptographic purposes, so the parameters are actually chosen carefully rather than at random. This is somewhat analogous to picking good prime factors.
There are two sets of domain parameters:
- E, the elliptic curve itself.
- G, a point on E that is called the base point.
E and G are necessary and sufficient to describe all the information you need.
In ECC-DH, the private key d is computed by taking a randomly selected number on the interval [1, n-1], where n is the order of G. The public key Q is computed by taking Q = dG. After that the general idea is the same, except that instead of trying to solve a hard integer factorization problem, you're trying to solve a hard discrete logarithm problem.
