
Cryptographic

Introduction

Elliptic curve cryptography (ECC) is a public-key cryptography method based on the algebraic structure of elliptic curves over finite fields. ECC provides security using smaller keys than other cryptographic methods. ECC can be used for key agreement, digital signatures, pseudo-random generators, etc. It can also be used for encryption indirectly, by combining the key agreement with a symmetric encryption scheme.

Key exchange in IEP is based on the Curve25519 algorithm, which generates a shared secret key using a fast, efficient, high-security elliptic-curve Diffie-Hellman function. The algorithm was first demonstrated by Daniel J. Bernstein in 2006. Message signing in IEP is implemented using the Elliptic-Curve Korean Certificate-based Digital Signature Algorithm (EC-KCDSA), specified as part of IEEE P1363a by the KCDSA Task Force team in 1998. Both algorithms were chosen for their balance of speed and security for a key size of only 32 bytes.

Encryption Algorithm

When Alice sends an encrypted plain text to Bob, she:

  1. Calculates a shared secret: shared_secret = Curve25519(Alice_private_key, Bob_public_key)

  2. Calculates N seeds: seed_n = SHA256(seed_{n-1}), where seed_0 = SHA256(shared_secret)

  3. Calculates N keys: key_n = SHA256(Inv(seed_n)), where Inv(X) is the inversion of all bits of X

  4. Encrypts the plaintext: ciphertext[n] = plaintext[n] XOR key_n

Upon receipt, Bob decrypts the ciphertext:

  1. Calculates a shared secret: shared_secret = Curve25519(Bob_private_key, Alice_public_key)
  2. Calculates N seeds (this is identical to Alice’s step): seed_n = SHA256(seed_{n-1}), where seed_0 = SHA256(shared_secret)
  3. Calculates N keys (this is identical to Alice’s step): key_n = SHA256(Inv(seed_n)), where Inv(X) is the inversion of all bits of X
  4. Decrypts the ciphertext: plaintext[n] = ciphertext[n] XOR key_n

Note: If someone guesses part of the plaintext, he can decode some part of subsequent messages between Alice and Bob if they use the same key pairs. As a result, it’s advised to generate a new pair of private/public keys for each communication.
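
The seed and key chain from steps 2 to 4, together with the key-pair reuse problem described in the note, as an added example (not IEP's own code). It assumes block numbering starts at 0, so key_0 covers the first 32 bytes; the function names are hypothetical, and the constructed 32-byte secrets stand in for the Curve25519 output of step 1.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def inv(data: bytes) -> bytes:
    """Inv(X): invert all bits of X."""
    return bytes(b ^ 0xFF for b in data)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(shared_secret: bytes, length: int) -> bytes:
    """key_0 || key_1 || ... cut to `length` bytes (32 bytes per key)."""
    seed = sha256(shared_secret)        # seed_0 = SHA256(shared_secret)
    out = bytearray()
    while len(out) < length:
        out += sha256(inv(seed))        # key_n = SHA256(Inv(seed_n))
        seed = sha256(seed)             # seed_{n+1} = SHA256(seed_n)
    return bytes(out[:length])

def xor_process(shared_secret: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: the same XOR is applied in both directions."""
    return xor_bytes(data, keystream(shared_secret, len(data)))

# Constructed sample values. The 32-byte secrets stand in for Curve25519 output.
SECRET_REUSED = bytes(range(32))
SECRET_FRESH = bytes(range(1, 33))
MSG1 = b"transfer 100 IEP to account A, memo: invoice 17"
MSG2 = b"meet at the usual place at nine"

def reuse_leak(secret_for_msg2: bytes) -> bytes:
    """What a reader who already knows MSG1 learns about MSG2 from both ciphertexts."""
    c1 = xor_process(SECRET_REUSED, MSG1)
    c2 = xor_process(secret_for_msg2, MSG2)
    # With the same secret the keystream cancels: c1 XOR c2 == MSG1 XOR MSG2.
    return xor_bytes(xor_bytes(c1, c2), MSG1)

if __name__ == "__main__":
    c1 = xor_process(SECRET_REUSED, MSG1)
    print("round trip ok:", xor_process(SECRET_REUSED, c1) == MSG1)
    print("same key pair :", reuse_leak(SECRET_REUSED))
    print("fresh key pair:", reuse_leak(SECRET_FRESH).hex())
```

With the same key pair the second message falls out in clear; with a fresh key pair the same computation yields only unrelated bytes, which is why the note advises a new key pair for each communication.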