
Is ECDH faster than DH?
My understanding of DH is that it's faster than ECDH, and that means that in most cases it's better.
But I don't understand how the two protocols relate to each other. Does anyone have any information?
Your understanding is incorrect. Here's an excerpt from RFC 5656, a revision of RFC 2246: ECDH uses public key algorithms, rather than message authentication codes. As a consequence, an attacker that gains access to a secure session has no way of learning the secret message that was agreed upon between the two parties.
The difference between the ECDSA-based and ECDH-based algorithms means that ECDH may be safer if you use a shorter secret key size.
Is Diffie-Hellman the same as elliptic curve Diffie-Hellman?
How to safely encrypt with a symmetric key?
I will assume that the question you actually had was: "Is it okay to use ECDH to generate and encrypt a symmetric key? Or should I stick to RSA". And the answer is no, not in any sensible usage pattern.
It's completely legitimate for someone to generate a symmetric key using an asymmetric encryption scheme. This means that you use a hash function, say SHA-256, and apply it to some secret (e.g., password) of yours. That hash result is your symmetric key.
Then encrypt an object (a file, a string, etc.) using AES and a random nonce. The point is that you don't need to use ECC to do this, you can do this using AES alone. In particular, you can encrypt AES-256 keys in just about any language. In Java you would use Cipher.getInstance("AES/GCM/NoPadding") and then specify a nonce to make it really random.
Now how do you use this symmetric key to encrypt and decrypt a message? Well, it's just AES. But don't forget to authenticate the receiver. Otherwise an attacker could decrypt your messages without being able to intercept them. As a side note, most of these algorithms are designed with message authenticity in mind.