Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [ecies]

Elliptic Curve Integrated Encryption Scheme (ECIES) is a public key encryption system proposed by Victor Shoup in 2001. It uses hybrid cryptography using ephemeral-static Diffie-Hellman together with an unspecified symmetric cipher.

Elliptic Curve Integrated Encryption Scheme (ECIES) is a public key encryption system proposed by Victor Shoup in 2001.

ECIES is part of a family of schemes known as Diffie-Hellman Integrated Encryption Scheme (DHIES). In 2001 these schemes were known as Diffie-Hellman Authenticates Encryption Schemes (DHAES), and proposed by Abdalla, Bellare, and Rogaway.

A specific description of ECIES can be found in chapter 5.1 of the Certicom specification of ECC based schemes in the SEC-1 document.

61 questions
11
votes
1 answer

ECIES vs. RSA + AES

I am confused about the distinction between RSA and ECC (Elliptic curve) regarding encryption and would appreciate it if someone could confirm whether my understanding is correct. To encrypt a large file using RSA: Generate a random symmetric…
Vlad
  • 579
  • 1
  • 4
  • 13
11
votes
1 answer

Key exchange using ECDH vs ECIES?

I'm a beginner to ECC crypto programming. Can anyone explain to me the difference between using ECDH for shared key exchange and the use of ECIES by encrypting a shared key with the public key of the receiver? I feel that ECIES could also provide…
hab
  • 275
  • 1
  • 6
7
votes
1 answer

ECIES/ ECDHE/ EC-ElGamal encryption comparison

I need to choose an encryption system, so I am trying to understand the differences between the existing options. I always find that people compare ECIES (Elliptic Curve Integrated Encryption Scheme) with RSA or ElGamal. It is clear that…
SaliaMun
  • 127
  • 4
7
votes
2 answers

ECIES need for KDF

Reading the ECIES algorithms (and elgamal in general), the general wisdom is to use a KDF and MAC on the shared secret before using it for encryption of ciphertext. I suspect, however, this was because the encryption used was XOR (for data sizes…
Erik Aronesty
  • 470
  • 2
  • 15
6
votes
2 answers

Using XOR to derive a data key for ECIES

I have been thinking about a rather simple enhancement for (EC)IES / RSA-KEM. The scheme would allow you to encrypt data while the calculation of the session / data key can be performed afterwards or in parallel. It would also allow you to encrypt…
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
6
votes
3 answers

Is EC integrated encryption scheme used in practice?

I know ECDSA and ECDH are used a lot but what about the ECIES? Is it used or specified as an option in any protocol?
SFlow
  • 465
  • 3
  • 7
6
votes
3 answers

Does ECIES imply authenticity?

Assume: Alice and Bob both generate separate EC keypairs Alice obtains Bob's public key, and together with her private key creates a shared secret key Alice encrypts a message using the shared key and some mode of authenticated encryption (AES-GCM,…
hunter
  • 4,051
  • 6
  • 29
  • 42
5
votes
2 answers

Why is ECIES complex?

Wouldn't encrypting a message with AES, then encrypting the (randomly generated) AES key and IV with the EC public key suffice? What attack vectors does ECIES protect against, that an AES-then-EC-encrypt wouldn't?
fadedbee
  • 968
  • 1
  • 11
  • 31
5
votes
1 answer

Consequence of improper validation in point decompression?

Assume a standard ECC curve in a prime field $\mathbb F_p$ with $p\equiv3\pmod 4$, such as secp256k1; and code turning a bytestring for a compressed ECC public key into an Elliptic Curve point, that does as specified except in the following two…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
4
votes
1 answer

Possible issues with ECIES using a static (non-ephemeral) sender key

After looking at this bitcoin-related ECIES repo I believe the intention is that, at least in some cases, the recipient would know that the message is intended for them and use an secp256k1 public key that they know belongs to you to perform the key…
thesquaregroot
  • 1,289
  • 14
  • 25
4
votes
1 answer

Does Elliptic Curve Integrated Encryption Scheme (ECIES) provide IND-CCA2 security?

I am looking for a faster alternative to RSA with OAEP as a IND-CCA2 public key scheme. Elliptic Curve Integrated Encryption Scheme might be a candidate, but I am not sure if it provides IND-CCA2 security. So the question is if ECIES offers IND-CCA2…
stefanix
  • 317
  • 1
  • 7
4
votes
2 answers

ECIES with ECDSA

I understand how ECIES work. I have a structure of message [alice`s ephemeral public key, MAC tag, ciphertext] I do not understand what I shoud do if I want to use ECIES with ECDSA. For example, each side in application network has static…
sribin
  • 248
  • 2
  • 11
4
votes
1 answer

A standard extension of ECIES for multiple recipients (broadcast / multiparty)?

I have one sender, and a small number (~5) of recipients. The sender knows each recipient's public EC key. I want the sender to broadcast a single message in such a way that any one of the recipients can decrypt it. For reasons that aren't…
RhinoGuy
  • 43
  • 3
4
votes
1 answer

ECIES with AES-GCM

The Elliptic Curve Integrated Encryption Scheme (ECIES) describes how to derive a "temporal" key, encrypt a message (eg. using AES) and creating a MAC. However, from my understanding using AES in GCM mode makes using an additional MAC obsolete. So,…
User
  • 43
  • 3
4
votes
0 answers

ECIES: Purpose of optional shared information?

According to Wikipedia the ECIES algorithm has two optional shared information $S_1$ and $S_2$. They are used as follows: Generate a random shared secret $Z$ according to ECIES, which will never be reused Derive symmetric keys…
tryagain
  • 75
  • 4
1
2 3 4 5