• # H1
• ## H2
• ### H3
• _italic_
• **bold**
• ~~strikethrough~~
• - Lists
• 1. Numbered lists
• [References][1]
[1]: Can be used
• ![image alt](img/logo.png)
• Inline code
• pythonprint "Code block"
• > Quotes
• --- Horizontal rule
? Editing: Post:21.body Cancel
Content changed

# Ivanq's Blog

## Posts about encryption, zite development and everything else you want

• leftside: Great! thanks for ur kind work!
• gitcenter: Sorry, something went wrong. Fixed now!
• leftside: All mathematical equations seem to look raw html tags..! ...
• nofish: WebGL under linux can be problematic, here is some tips...

# Title

21 hours ago · 2 min read ·
Body

# Integrated Encryption Scheme and MAC

on Apr 29, 2019 · 6 min read

Today, we'll talk about MAC, DLIES and ECIES.

## DLIES

The first topic is DLIES, or Discrete Logarithm Integrated Encryption Scheme.

Pretend Alice wants to send a message to Bob. Alice doesn't want others to read the message, so she's going to encrypt it. Let's help Alice!

Pretend we have the following:

$m - \space \text{the message to encrypt} \newline p \in \Z - \space \text{finite field modulo} \newline G \in \mathbb{F}_p - \space \text{the generator} \newline b \in \mathbb{F}_p - \space \text{Bob's private key} \newline B \in \mathbb{F}_p - \space \text{Bob's public key}$

(of course, Alice doesn't have Bob's private key)

Here's what we're going to do now:

1. Bob creates and shares the public key as $B = G^b$.

2. Alice generates a random private key $a \in \mathbb{F}_p$ and derives public key as $A = G^a$.

3. Alice derives a shared secret $S = B^a$ (you can notice that $S = G^ab$).

4. Alice uses a symmetric cipher (e.g. AES or 3DES) to make ciphertext $c = E_S(m)$, where $E_k(m)$ means "encrypt message $m$ with key $k$".

5. Alice sends $A \Vert c$ to Bob.

Then, when Bob wants to decrypt the message, that's what he does:

1. Bob receives the ciphertext $c$ and Alice's public key $A$.

2. Bob derives a shared secret $S = A^b$ (you can notice that $S = G^ab$).

3. Bob decrypts the ciphertext: $m = E^{-1}_S(c)$.

### Increasing security

Notice something interesting:

Alice generates a random private key for every message. This means that the shared secret is always different, and there is no way to get several messages encrypted with one key which is safer.

This, however, only means that a message can't be decrypted — this does not mean that it can't be changed.

There are many symmetric encryption algorithms which allow you to change the message even if you don't have the private key: for example, flipping a bit in the ciphertext will also flip the same bit it in the message.

Here's what you could do: if you know that the message looks the following way:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D.

Here's what you could make it look like:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1FwH89xyniDgy3t6fCWrggLs22MnGPZ5K5.

Oops.

There's also another similar problem: Bob has no idea who sent him the message. If someone knows Alice's public key, he can send garbage to Bob, which could, however, do something bad.

Oops.

## MAC

Some people, when confronted with a problem, think, “I know, I’ll use regular expressions.” Now they have two problems.

On the other side, MAC solves two problems, and that's exactly what we're looking for.

First of all, what's MAC? MAC stands for "Message Authentication Code".

Pretend you have a magic function $MAC_k(m)$ that somehow returns a proof that you have the private key $k$ and the message $m$ hasn't been changed. What would you do then?

We can update DLIES with the following step:

• When Alice wants to send a message to Bob, she does the following:

1. Generate the encryption key and the MAC key via $k_E \Vert k_{MAC} = B^a$.

2. Get the ciphertext: $c = E_{k_E}(m)$.

3. Get the MAC: $d = MAC_{k_{MAC}}(c)$.

4. Send $A \Vert d \Vert c$.

• When Bob wants to receive a message from Alice, he does the following:

1. Generate the encryption key and the MAC key via $k_E \Vert k_{MAC} = A^b$.

2. Verify MAC: if $d \neq MAC_{k_{MAC}}(c)$, stop.

3. Decrypt the message: $m = E^{-1}_{k_E}(c)$.

## ECIES

Elliptic curves are better than integers, right? Let's think how to use our knowledge to apply EC here!

First, we of course know how to generate the public key: $A = aG$. Second, we can use X coordinates everywhere where we need integers.

So, here's the algorithm for encryption:

1. Generate random private key $a \in \mathbb{F}_n$.

2. Generate public key $A = aG$.

3. Derive encryption key and MAC key $k_E \Vert k_{MAC} = x_{aB}$.

4. Generate ciphertext $c = E_{k_E}(m)$.

5. Generate MAC $d = MAC_{k_{MAC}}(c)$.

6. Send $x_A \Vert y_A \Vert d \Vert c$.

The decryption algorithm is the following:

1. Derive encryption key and MAC key $k_E \Vert k_{MAC} = x_{bA}$.

2. Check MAC: if $d \neq MAC_{k_{MAC}}(c)$, stop.

3. Decrypt message $m = E^{-1}_{k_E}(c)$.

## 0 Comment:

user_name1 day ago