LLMpediaThe first transparent, open encyclopedia generated by LLMs

ECDH

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Transport Layer Security Hop 4
Expansion Funnel Raw 55 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted55
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
ECDH
NameElliptic Curve Diffie–Hellman
DesignersVictor S. Miller, Neal Koblitz
First published1985
Derived fromDiffie–Hellman key exchange
Key sizes256-bit (common)
Related toElliptic-curve cryptography, Transport Layer Security, Signal Protocol
CertificationNIST, ANSI X9.62, SECG

ECDH is a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. It is a variant of the classical Diffie–Hellman key exchange adapted for the algebraic structure of elliptic curves over finite fields, providing equivalent security with significantly smaller key sizes. The protocol is foundational to modern public-key cryptography and is widely deployed in securing internet communications and various encrypted messaging systems.

Overview

The fundamental concept was independently proposed by Victor S. Miller and Neal Koblitz in the mid-1980s, building upon the mathematical foundations laid by Hendrik Lenstra and others. ECDH enables two parties, often denoted as Alice and Bob in cryptographic literature, to collaboratively generate a secret key without prior shared information, even if their communication is monitored by an adversary like Eve. Its efficiency advantage over traditional RSA or standard Diffie-Hellman stems from the hardness of the elliptic curve discrete logarithm problem (ECDLP). This mathematical problem is believed to be computationally infeasible to solve, forming the core security assumption, as recognized by standards bodies like the NIST and the IETF.

Algorithm

The protocol operates over a publicly agreed upon set of domain parameters, typically specified by standardized curves such as Curve25519, secp256k1 (used in Bitcoin), or the NIST-recommended P-256. Each party generates a private key, which is a random integer, and computes a corresponding public key by performing elliptic curve point multiplication of the private key with a defined base point on the curve. The parties then exchange these public keys over the insecure channel. Upon receipt, each party multiplies their own private key with the other's public key, and due to the properties of the abelian group, both computations yield the same shared secret point. The x-coordinate of this resulting point is then used to derive a symmetric key for subsequent encryption using algorithms like AES or ChaCha20.

Security

The security of ECDH relies primarily on the intractability of the ECDLP within the chosen cyclic group. Compared to the discrete logarithm problem in multiplicative groups of integers modulo a prime, elliptic curve systems offer a more robust security-per-bit ratio, allowing for shorter keys that provide security deemed sufficient against attacks by even state-level actors like the NSA. However, implementation security is critical; vulnerabilities can arise from poor random number generation, side-channel attacks, or the use of weak curves. Protocols must also incorporate safeguards against potential threats such as man-in-the-middle attacks, which are typically mitigated by authenticating the exchanged keys using digital signatures or certificates from a PKI.

Applications

ECDH is extensively used to establish secure sessions in major internet protocols. It forms a core component of the key exchange in TLS versions 1.2 and 1.3, securing connections to websites served by Apache or Nginx. It is also fundamental to the Signal Protocol, which provides end-to-end encryption for messaging applications like WhatsApp and Signal. Within the realm of cryptocurrency, ECDH is used in Bitcoin and Ethereum for generating shared secrets in certain wallet interaction protocols. Furthermore, it is employed in secure shell (SSH) connections, virtual private networks (VPNs), and the WPA3 standard for securing wireless networks.

Standards and implementations

Numerous standards define the use of ECDH and recommended curves. Prominent among these are ANSI X9.62 from the Accredited Standards Committee X9, standards from the SECG, and recommendations from NIST through publications like FIPS 186. The IETF has codified its use in RFCs such as RFC 4492 and RFC 8422. Widely used cryptographic libraries that implement ECDH include OpenSSL, BoringSSL, LibreSSL, and the GnuPG project. The Curve25519 elliptic curve, designed by Daniel J. Bernstein, is notably implemented in libraries like NaCl and libsodium and is favored for its high performance and security properties.

Category:Cryptographic protocols Category:Key agreement protocols Category:Elliptic-curve cryptography