What is the elliptic curve Diffie Hellman key?
I have read this page from Wikipedia about the elliptic curve Diffie Hellman key, and I have no idea what it is.
Could someone explain to me what it is? I'm not sure if it's a key at all, or a "keypair", or what? Elliptic curves are groups, specifically abelian groups. A group is defined by a set of elements, and an operation on that set. This operation is always defined, but may be left undefined. The set of elements of an elliptic curve group consists of points on the curve (which are elements of the curve), and the operation consists of addition.
So if you have an elliptic curve group, you have a set of points (the points of the curve), and an operation on the points. For example, if you're using the curve from Wikipedia, you might have a set of points that looks like this: Let's say we're considering addition of points. You have two points, (x1, y1) and (x2, y2).
To generate a Diffie-Hellman key, you start with two keys. The first key is (x1, y1) and the second key is (x2, y2). You then use these two keys to generate a third key (x3, y3).
For example, to generate a 3-key Diffie-Hellman key, you could perform the following steps: Generate two random numbers x and y. In the example above, x is 1 and y is 5.
It is a key that can be used for some symmetric algorithm. This is not specific to elliptic curves.
Is elliptic curve cryptography still used?
How secure is it?
Can anyone provide some insight on this? I am currently working with a 3rd party in a contract. The contract has a bunch of stipulations but one of them is that the 3rd party can't be hacked or broken into, and that they will have to implement the elliptic curve cryptography methods used in TLS 1.2. I am wondering if elliptic curve cryptography is still being used? If so, how secure is it?
As far as I know, ECC is still used in TLS 1.2 (and possibly in newer versions of TLS). The most obvious reason would be that TLS is required to use a specific cipher suite, and ECC is the only cipher suite supported by TLS 1.2 (with the exception of a few legacy ciphers, like DES3, that are not recommended).
Apart from that, ECC is still widely used in other places, like in SSL/TLS, and for PGP/GPG. Now, the main question is: how secure it is? The best way to answer that question would be to compare it to other forms of encryption. The fact is that we don't know for sure how ECC works internally. There may be some weaknesses in the algorithm, even though it seems reasonably secure.
The main reason why ECC is secure is because the size of the underlying field is quite big. This means that any attack vector that could be used to break AES would take many years to find.
The second reason is that we can't predict what an attacker will find when trying to break ECC. It may be something very simple like a collision attack, or a much more complicated attack on the underlying field (or the prime factorization of the field).
The third reason is that we know that the number of keys that can be generated using an elliptic curve is limited. The largest key size we've seen was 224 bits in the case of NIST P-224 (and this was a key pair).
The fourth reason is that ECC is based on a large base field, which allows for the construction of special curves that are faster, or that offer better resistance to certain attacks. As for the fifth reason, there are various attacks that may be used against ECC.
Related Answers
Why is ECDH better than DH?
ECDH is a more flexible and easier to use alternative to Diffie-Hellman. br...
Is ECDSA better than RSA?
I'm going to buy a phone with a screen as soon as they start getting good enough, b...
Is there a free program to convert PDF to Excel?
I've seen a few programs that are supposed to be able to c...