|
|
| Line 1: |
Line 1: |
| '''Integrated Encryption Scheme (IES)''' is a [[hybrid encryption]] scheme which provides [[semantic security]] against an [[Adversary (cryptography)|adversary]] who is allowed to use chosen-plaintext and chosen-ciphertext attacks. The security of the scheme is based on the [[Diffie–Hellman problem]]. Two incarnations of the IES are standardized: [[Discrete logarithm|Discrete Logarithm]] Integrated Encryption Scheme (DLIES) and [[Elliptic curve|Elliptic Curve]] Integrated Encryption Scheme (ECIES), which is also known as the Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme. These two incarnations are identical up to the change of an underlying group and so to be concrete we concentrate on the latter.
| | Nice to meet you, I am Marvella Shryock. Hiring is his profession. For years he's been residing in North Dakota and his family loves it. To perform baseball is the hobby he will by no means quit performing.<br><br>Also visit my page :: [http://Www.biogids.nl/biobank/2014-06-13/how-can-1-especially-get-around-todays-diseases over the counter std test] |
| | |
| To send an encrypted message to [[Alice and Bob|Bob]] using ECIES Alice needs the following information:
| |
| * cryptographic suite to be used:
| |
| ** [[Key derivation function|KDF]], e.g., ''ANSI-X9.63-KDF with SHA-1 option'';
| |
| ** [[Message authentication code|MAC]], e.g., ''HMAC-SHA-1-160 with 160-bit keys'' or ''HMAC-SHA-1-80 with 80-bit keys'';
| |
| ** [[Symmetric-key algorithm|symmetric encryption scheme]] <math>E</math>, e.g., ''[[TDEA]] in [[cipher block chaining|CBC]] mode'' or ''XOR encryption scheme'';
| |
| * EC domain parameters: <math>(p,a,b,G,n,h)</math> for a curve over prime field or <math>(m,f(x),a,b,G,n,h)</math> for a curve over binary field;
| |
| * Bob's public key: <math>K_B</math> (Bob generates it as follows: <math>K_B = k_B G</math>, where <math>k_B</math> is the private key he chooses at random: <math>k_B \in [1, n-1]</math>);
| |
| * optional shared information: <math>S_1</math> and <math>S_2</math>.
| |
| | |
| To encrypt a message <math>m</math> Alice does the following: | |
| # generates a random number <math>r \in [1, n-1]</math> and calculates <math>R = r G</math>;
| |
| # derives a shared secret: <math>S = P_x</math>, where <math>P = (P_x, P_y) = r K_B</math> (and <math>P \ne O</math>);
| |
| # uses KDF to derive a symmetric encryption and a MAC keys: <math>k_E \| k_M = \textrm{KDF}(S\|S_1)</math>;
| |
| # encrypts the message: <math>c = E(k_E; m)</math>;
| |
| # computes the tag of encrypted message and <math>S_2</math>: <math>d = \textrm{MAC}(k_M; c \| S_2)</math>;
| |
| # outputs <math>R \| c \| d</math>.
| |
| | |
| To decrypt the ciphertext <math>R \| c \| d</math> Bob does the following:
| |
| # derives the shared secret: <math>S = P_x</math>, where <math>P = (P_x, P_y) = k_B R</math> (it is the same as the one Alice derived because <math>P = k_B R = k_B r G = r k_B G = r K_B</math>), or outputs ''failed'' if <math>P=O</math>;
| |
| # derives keys the same way as Alice did: <math>k_E \| k_M = \textrm{KDF}(S\|S_1)</math>;
| |
| # uses MAC to check the tag and outputs ''failed'' if <math>d \ne \textrm{MAC}(k_M; c \| S_2)</math>;
| |
| # uses symmetric encryption scheme to decrypt the message <math>m = E^{-1}(k_E; c)</math>.
| |
| | |
| ==References==
| |
| * Victor Shoup, [http://www.shoup.net/papers/iso-2_1.pdf A proposal for an ISO standard for public key encryption], Version 2.1, December 20, 2001.
| |
| * Certicom Research, [http://www.secg.org/download/aid-780/sec1-v2.pdf Standards for efficient cryptography, SEC 1: Elliptic Curve Cryptography], Version 2.0, May 21, 2009.
| |
| | |
| {{Cryptography navbox | public-key}}
| |
| | |
| [[Category:Cryptographic protocols]]
| |
Nice to meet you, I am Marvella Shryock. Hiring is his profession. For years he's been residing in North Dakota and his family loves it. To perform baseball is the hobby he will by no means quit performing.
Also visit my page :: over the counter std test