Cryptography Reference
In-Depth Information
The signatures of these messages are the following (note that in the case of the
ASCII message
m1
we have to specify
messagetype=text
):
> s1 := ECDSASign(dp256, eckey[1], m1, snseed1, messagetype = text);
["1c9852d60e45b864ab2227e66447caf678202c5ce1a13135c2423120b9edc870",
"293f8bd87436edfff89abf5dd72e27bceebd777439b5ab677bfd2fa5a7d38538"]
> s2 := ECDSASign(dp256, eckey[1], m2, snseed2);
["510b4b98b7fad7b33f5ca5ea82cf2c2fdfc1ba90329966cea3a0837fe82427af",
"aed245c193e0448c053e056498a50de461a3ae19bf7a1b93fe3151e69c980f6d"]
The verification of the signatures is then as follows:
> ECDSAVer(dp256, eckey[2], m1, s1, messagetype = text);
"Valid"
> ECDSAVer(dp256, eckey[2], m2, s2);
"Valid"
11.4.4 Elliptic Curve Encryption
The only EC encryption scheme we have mentioned so far is Elgamal but, as is
present a more secure encryption scheme which is essentially a hashed version of
Elgamal that also uses a MAC for added protection against active attacks. It is called
“Elliptic Curve Integrated Encryption Scheme” (ECIES) and was introduced in [1]
and subsequently included in several standards.
ECIES is a hybrid encryption scheme in which a Diffie-Hellman protocol is
used to derive two symmetric keys
k
1
,
k
2
. The first of them is used to encrypt the
plaintext with a symmetric encryption scheme and the second is used to authenticate
the resulting ciphertext with a MAC. Thus, in addition to the EC domain parameters
(
,
,
,
,
,
)
p
a
b
G
n
h
, the following cryptographic primitives are also required:
•
An encryption function
E
k
and a decryption function
D
k
corresponding to a
private-key encryption scheme such as AES.
•
A
key derivation function
, KDF, which is built from a hash function and, on input
a pair of points on the elliptic curve (and, possibly, a desired length
l
), outputs a
bit string. KDF is usually defined as a concatenation of hash values similar to that
used for this purpose.
•
A message authentication code, generically denoted MAC (for example, HMAC
can be used).
Given these parameters, the ECIES encryption scheme for elliptic curves over a
prime field may be defined as follows (the definition for other fields is similar):
Definition 11.6
The
Elliptic Curve Integrated Encryption Scheme
is the public-key
encryption scheme:
(
Gen
ECIES
,
Enc
ECIES
,
Dec
ECIES
)
ECIES =
,