5

I'd like to know if using the ECDH shared secret of a static EC Private Key with it's own corresponding static EC Public Key causes a problem / weakness.

(edit) not asking if it's ok to re-use the keys multiple times. Static EC Keys are known to be ok in this usage case.

Background:

In this environment, several agents are producing and consuming data, and the streams are being protected with static ECDH keys.

The ECDH Shared secret is hashed before it is used as a key in the asymmetric stream cipher. The shared secret will be the same each iteration / connection.

The stream is eventually stored to disk (encrypted)

Typical usage (not considered a problem): $$ Alice( public ) : \ Q_A = d_A G $$ $$ Bob( private ) : \ d_B $$ $$ ECDH Secret (Alice Bob) = d_B Q_A = d_B d_A G $$

Normal so far...

Question Case:

In some instances, the Producer and Consumer are the same agent, and this ECDH secret devolves into:

$$ ECDH Secret (Alice Alice) = d_A Q_A = d_A d_A G = (d_A)^2G $$

Is this a problem?

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Jack
  • 63
  • 6

1 Answers1

5

No, it's not a problem.

What you've found is known as the square computational diffie-hellman problem(SCDH) and it can be shown that this is equivalent to the computational diffie-hellman problem(CDH).

For completeness:
SCDH:
Given $g$ (your $G$) and $g^x$ (your $Q$), find $g^{x^2}$ (your $d_A^2G$).

It is shown here that this problem is as hard as the traditional diffie-hellman problem (below):
CDH:
Given $g,g^x,g^y$ find $g^{xy}$.

SEJPM
  • 46,697
  • 9
  • 103
  • 214