Posts about encryption, zite development and everything else you want

Today, we'll talk about MAC, DLIES and ECIES.

The first topic is DLIES, or Discrete Logarithm Integrated Encryption Scheme.

Pretend Alice wants to send a message to Bob. Alice doesn't want others to read the message, so she's going to encrypt it. Let's help Alice!

Pretend we have the following:

```
$m - \space \text{the message to encrypt} \newline
p \in \mathbb{Z} - \space \text{a large prime, the modulus of the finite field } \mathbb{F}_p \newline
G \in \mathbb{F}_p - \space \text{the generator} \newline
b \in \mathbb{Z}_{p-1} - \space \text{Bob's private key (a random exponent)} \newline
B \in \mathbb{F}_p - \space \text{Bob's public key}$
```

(of course, Alice doesn't have Bob's private key)

Here's what we're going to do now:

1. Bob creates and shares the public key as .
2. Alice generates a random private key and derives the public key as .
3. Alice derives a shared secret (you can notice that ).
4. Alice uses a symmetric cipher (e.g. AES or 3DES) to make the ciphertext , where means "encrypt message with key ".
5. Alice sends to Bob.

Then, when Bob wants to decrypt the message, that's what he does:

1. Bob receives the ciphertext and Alice's public key .
2. Bob derives a shared secret (you can notice that ).
3. Bob decrypts the ciphertext: .

Notice something interesting:

Alice generates a fresh random private key for every message. This means that the shared secret, and so the symmetric key, is different every time: no two messages are ever encrypted under the same key, which is safer.

This, however, only means that a message can't be read by anyone else; it does *not* mean that it can't be changed.

Many symmetric encryption modes are malleable, so you can change the message even without the key: with a stream cipher or AES in CTR mode, flipping a bit in the ciphertext flips the same bit in the decrypted message (in CBC mode, flipping a bit in one ciphertext block flips the same bit in the next plaintext block and garbles the current one).

Here's what you could do: if you know that the message looks like this:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D.

Here's what you could make it look like:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1FwH89xyniDgy3t6fCWrggLs22MnGPZ5K5.

Oops.
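Here is that address swap carried out on a stream cipher, as an added example (not code from the post). The cipher is a plain XOR with a random keystream, which for this purpose behaves exactly like AES-CTR or any stream cipher: flipping ciphertext bit i flips plaintext bit i. The message and both addresses are the ones above; the attacker is assumed to know where the address sits in the message but not the key. The function names are assumptions of this example.

```python
"""Bit-flipping a stream-cipher ciphertext to swap the Bitcoin address.

Added example, not from the original post.  The cipher is a one-time XOR
with a random keystream; AES-CTR and other stream ciphers behave the same
way for this attack.  The attacker knows the message layout, not the key.
"""
import secrets

# The message from the post (constructed sample input).
MESSAGE = (b"Hello! You wanted to send me the payment for my work, do you "
           b"remember this? Please send it to this bitcoin address: "
           b"1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D.")
ALICE_ADDR = b"1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D"
EVIL_ADDR = b"1FwH89xyniDgy3t6fCWrggLs22MnGPZ5K5"   # same length as ALICE_ADDR


def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key, m):
    """c = m XOR keystream.  Decryption is the same operation."""
    return xor(m, key)


def tamper(c, offset, old, new):
    """Attacker step, no key needed.  Since c = m XOR k, XOR-ing the ciphertext
    with (old XOR new) at the offset turns the plaintext there into
    m XOR old XOR new = new (when the plaintext at the offset was old)."""
    assert len(old) == len(new)
    delta = xor(old, new)
    return (c[:offset]
            + xor(c[offset:offset + len(delta)], delta)
            + c[offset + len(delta):])


def attack():
    """Run the swap end to end; returns what Bob sees after decrypting."""
    key = secrets.token_bytes(len(MESSAGE))   # shared by Alice and Bob only
    c = stream_encrypt(key, MESSAGE)          # Alice sends c
    offset = MESSAGE.index(ALICE_ADDR)        # attacker knows the layout
    forged = tamper(c, offset, ALICE_ADDR, EVIL_ADDR)
    return stream_encrypt(key, forged)        # Bob decrypts the forged c


if __name__ == "__main__":
    print(attack().decode())
```

Nothing about the key was needed: the attacker only needed to know what the plaintext said at that position, which is exactly the situation in the example above.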

There's also another, similar problem: Bob has no idea who sent him the message. Anyone who knows Bob's public key can run the same steps and send him garbage, which Bob will happily decrypt and might act on.

Oops.

Some people, when confronted with a problem, think, “I know, I’ll use regular expressions.” Now they have two problems.

A MAC, on the other hand, solves the first problem and catches the garbage case of the second, and that's what we're looking for. (One caveat: because the MAC key below is derived from a shared secret that anyone with Bob's public key can set up, the MAC proves the message wasn't changed in transit, not that Alice wrote it. Proving *who* sent it needs a signature with Alice's long-term key on top.)

First of all, what's MAC? MAC stands for "Message Authentication Code".

Pretend you have a magic function

that somehow returns a proof that whoever produced it had the key and that the message hasn't been changed since. What would you do then? We can update DLIES with the following steps:

When Alice wants to send a message to Bob, she does the following:

1. Generate the encryption key and the MAC key via .
2. Get the ciphertext: .
3. Get the MAC: .
4. Send .

When Bob wants to receive a message from Alice, he does the following:

1. Generate the encryption key and the MAC key via .
2. Verify the MAC: if , stop.
3. Decrypt the message: .

Elliptic curves are better than integers, right? Let's think how to use our knowledge to apply EC here!

First, we of course know how to generate the public key:

. Second, we can use the X coordinate of a point everywhere we need an integer, for example as the shared secret fed into the key derivation. So, here's the algorithm for encryption:

1. Generate a random private key .
2. Generate the public key .
3. Derive the encryption key and the MAC key .
4. Generate the ciphertext .
5. Generate the MAC .
6. Send .

The decryption algorithm is the following:

1. Derive the encryption key and the MAC key .
2. Check the MAC: if , stop.
3. Decrypt the message .
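The DLIES steps from the start of the post, the MAC-protected version, and the ECIES version above, as one added example that is not code from the post. The encrypt/decrypt functions are written against a small group interface so the same code runs over a prime field (DLIES) and over secp256k1 (ECIES, using the X coordinate where an integer is needed, as suggested above). Assumptions not in the post: SHA-256 split in half as the KDF, HMAC-SHA256 as the MAC, and a SHA-256 counter-mode keystream standing in for AES-CTR so the block needs only the Python standard library; the mod-p parameters are toy-sized, the curve arithmetic is not constant-time, and all names are this example's own.

```python
"""Integrated Encryption Scheme with a MAC, over a prime field (DLIES) and
over an elliptic curve (ECIES).  Added example, not code from the post.
Assumptions: SHA-256 as KDF, HMAC-SHA256 as MAC, SHA-256 counter-mode
keystream in place of AES-CTR.  The mod-p parameters are TOY sized."""
import hashlib
import hmac
import secrets

class ModPGroup:
    """DLIES setting: B = G^b mod p, shared secret S = B^r = R^b mod p."""
    p = 2**127 - 1          # Mersenne prime; use RFC 7919 ffdhe2048+ for real
    G = 3

    def keygen(self):
        b = secrets.randbelow(self.p - 2) + 1
        return b, pow(self.G, b, self.p)

    def shared(self, priv, pub):
        return pow(pub, priv, self.p)

class Secp256k1:
    """ECIES setting: B = b*G, shared secret = X coordinate of r*B = b*R."""
    p = 2**256 - 2**32 - 977
    n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
         0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

    def add(self, P, Q):                      # affine addition; None = infinity
        if P is None:
            return Q
        if Q is None:
            return P
        if P[0] == Q[0] and (P[1] + Q[1]) % self.p == 0:
            return None
        if P == Q:
            lam = 3 * P[0] * P[0] * pow(2 * P[1], -1, self.p)
        else:
            lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, self.p)
        x = (lam * lam - P[0] - Q[0]) % self.p
        return x, (lam * (P[0] - x) - P[1]) % self.p

    def mul(self, k, P):                      # double-and-add, not constant-time
        R = None
        while k:
            if k & 1:
                R = self.add(R, P)
            P, k = self.add(P, P), k >> 1
        return R

    def keygen(self):
        b = secrets.randbelow(self.n - 1) + 1
        return b, self.mul(b, self.G)

    def shared(self, priv, pub):
        return self.mul(priv, pub)[0]         # X coordinate as the integer secret

def kdf(S):
    """KDF(S) -> (k_enc, k_mac): SHA-256 of the shared secret, split in two."""
    h = hashlib.sha256(S.to_bytes(32, "big")).digest()
    return h[:16], h[16:]

def ctr_xor(key, data):
    """Counter-mode stream cipher, stand-in for AES-CTR (just as malleable)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(group, B, m):
    """Alice: fresh ephemeral (r, R) per message; sends (R, c, MAC)."""
    r, R = group.keygen()
    k_enc, k_mac = kdf(group.shared(r, B))
    c = ctr_xor(k_enc, m)
    return R, c, hmac.new(k_mac, c, hashlib.sha256).digest()

def decrypt(group, b, R, c, tag):
    """Bob: same keys from S = R^b (or b*R); verify the MAC before decrypting."""
    k_enc, k_mac = kdf(group.shared(b, R))
    if not hmac.compare_digest(hmac.new(k_mac, c, hashlib.sha256).digest(), tag):
        raise ValueError("MAC check failed: tampered ciphertext or wrong key")
    return ctr_xor(k_enc, c)

def demo(group, m=b"send it to 1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D"):
    """Returns (round-trip ok, single bit flip detected)."""
    b, B = group.keygen()                     # Bob's long-term key pair
    R, c, tag = encrypt(group, B, m)
    ok = decrypt(group, b, R, c, tag) == m
    flipped = bytes([c[0] ^ 0x01]) + c[1:]    # attacker flips one ciphertext bit
    try:
        decrypt(group, b, R, flipped, tag)
        detected = False
    except ValueError:
        detected = True
    return ok, detected
```

The tamper test in `demo` is the bit-flip from the Bitcoin address example: because the MAC is computed over the ciphertext and checked before decryption, Bob stops at the "verify MAC" step instead of reading a forged message. Both instantiations run the same `encrypt`/`decrypt`; only the group and the shared-secret representation change, which is the whole difference between DLIES and ECIES.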
