4 Key exchange using elliptic curves
This chapter covers
- Creating a shared secret using private and public keys
- The Diffie-Hellman key exchange using elliptic curves
- Implementing the NIST Full ECC MQV algorithm
In this chapter, I’ll describe two methods of secure key exchange. As described in chapter 1, elliptic curve cryptography is used to create a secret key for an efficient encryption algorithm. No one but the two parties exchanging public keys can compute the secret key.
Now that we have the basic elliptic curve mathematics routines for point addition and multiplication, we can begin to look at algorithms that use these techniques to implement public key cryptography. The private key is a large integer, and the public key is a point. Since the private key can be anything, a hash of a pass phrase, which is never stored, can be really secure. At the system level, this might be a problem if the phrase is forgotten, but there is nothing to be done about that here.
All key exchange algorithms are based on the Diffie-Hellman process. The process involves the sender’s public key and the receiver’s private key. For many peer-to-peer transactions that do not happen very often this is sufficient. For common transactions between two users (like an employee to their company), it might allow an attack on the shared secret. To prevent this, a more sophisticated method called the Menezes-Qu-Vanstone (MQV) key exchange algorithm can be used.