Generated by DeepSeek V3.2

| Elliptic-curve Diffie–Hellman | |
|---|---|
| Name | Elliptic-curve Diffie–Hellman |
| Designers | Victor S. Miller, Neal Koblitz |
| First published | 1985 |
| Derived from | Diffie–Hellman key exchange |
| Key sizes | 256 bits |
| Related to | Elliptic-curve cryptography, Transport Layer Security |
| Certification | NIST, ANSI, ISO/IEC |
Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each holding an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret can then be used to derive a key for symmetric encryption, forming a cornerstone of modern secure communications. The protocol is an adaptation of the classical Diffie–Hellman key exchange but uses the algebraic structure of elliptic curves over finite fields to achieve equivalent security with significantly smaller key sizes. Its efficiency and strength have led to widespread adoption in protocols such as Transport Layer Security and applications such as the Signal Protocol.
The fundamental concept was independently proposed by Victor S. Miller and Neal Koblitz in the mid-1980s, building upon the foundational work of Whitfield Diffie and Martin Hellman. It operates within the mathematical framework of elliptic-curve cryptography, where security relies on the computational hardness of the Elliptic-curve Discrete Logarithm Problem. Compared to traditional RSA or standard Diffie–Hellman key exchange based on modular arithmetic, it provides a more efficient primitive for key establishment. Major technology companies, including Google, Cloudflare, and Apple Inc., have integrated it into their security infrastructures to protect data in transit.
The protocol requires both parties to agree on a set of public domain parameters, typically specified by standards such as those from NIST or the Internet Engineering Task Force. These parameters define a specific elliptic curve, like Curve25519 designed by Daniel J. Bernstein, or secp256k1 used in the Bitcoin network. Each party generates a private key, which is a random integer, and computes a corresponding public key as a point on the curve through scalar multiplication of a public base point. The core operation involves each party combining their own private key with the other's public key, using the same scalar multiplication, to arrive at an identical shared secret point. The x-coordinate of this resulting point is then used to derive the final symmetric key.
The security rests primarily on the assumed intractability of the Elliptic-curve Discrete Logarithm Problem for well-chosen curves, a problem for which no efficient classical algorithm is known. When each side uses a fresh, ephemeral key pair for every session (the ECDHE variant), this provides forward secrecy, ensuring that compromise of long-term keys does not reveal past session keys. However, implementation security is critical, and vulnerabilities can arise from side-channel attacks, poor random number generation, or using curves with hidden weaknesses, as was a concern with algorithms proposed by the National Security Agency. Robust implementations, such as those in OpenSSL and the GNU Privacy Guard, employ constant-time algorithms and rigorous validation of received public keys to mitigate these risks.
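The exchange described above, as an added example that is not part of the original article: a from-scratch Python ECDH over secp256k1 using the SEC 2 domain parameters, with the double-and-add scalar multiplication, the x-coordinate key derivation, and the public-key validation step a robust implementation performs before combining keys. The scalar multiplication is not constant-time, so this is for study only, not a substitute for OpenSSL or libsodium.

```python
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_p), as published in SEC 2
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
INF = None  # point at infinity (group identity)

def is_on_curve(pt):
    """Public-key validation: accept only finite points satisfying the curve equation.
    secp256k1 has cofactor 1, so an on-curve point is automatically in the prime-order subgroup."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x ** 3 - A * x - B) % P == 0

def point_add(p1, p2):
    """Affine group law for y^2 = x^3 + Ax + B over F_P."""
    if p1 is INF or p2 is INF:
        return p1 if p2 is INF else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:  # p2 == -p1: vertical line, result is infinity
        return INF
    if p1 == p2:  # doubling: tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:         # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Left-to-right double-and-add. Branches on secret bits: NOT constant time."""
    result = INF
    for bit in bin(k)[2:]:
        result = point_add(result, result)
        if bit == "1":
            result = point_add(result, pt)
    return result

def keygen():
    priv = secrets.randbelow(N - 1) + 1  # uniform random integer in [1, N-1]
    return priv, scalar_mult(priv, G)

def shared_key(priv, peer_pub):
    """Validate the peer's point, compute priv * peer_pub, derive a key from its x-coordinate."""
    if not is_on_curve(peer_pub):
        raise ValueError("peer public key is not a valid curve point")
    s = scalar_mult(priv, peer_pub)
    if s is INF:
        raise ValueError("degenerate shared secret")
    return hashlib.sha256(s[0].to_bytes(32, "big")).digest()  # simple KDF over x
```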
The protocol has been standardized by several major bodies, including ANSI with X9.62, NIST in FIPS 186, and ISO/IEC in the 15946 series. Important curve specifications include NIST P-256, Brainpool curves, and the more recent Curve448. It is implemented in widely used cryptographic libraries like OpenSSL, BoringSSL, and libsodium. Its adoption is mandated in modern versions of Transport Layer Security, such as TLS 1.3, and it is a fundamental component of the Signal Protocol used by WhatsApp and Facebook Messenger. The Internet Engineering Task Force has published key documents, like RFC 7748, to guide its use in internet protocols.
When compared to classic Diffie–Hellman key exchange based on finite-field cryptography, it offers equivalent security with much smaller key sizes; a 256-bit elliptic-curve key is considered roughly as secure as a 3072-bit RSA key. This leads to substantial benefits in computational speed, bandwidth savings, and energy efficiency, making it ideal for constrained environments like the Internet of Things. Unlike RSA, which can be used for both key exchange and digital signatures, it is specialized for key agreement. Protocols such as quantum key distribution aim for security based on principles of quantum mechanics, but currently lack the practical maturity and infrastructure of established classical protocols like this one.