encryptioncryptographyelliptic-curveecdhecies

Is ECIES a public encryption algorithm?


I've implemented RSA encryption algorithm to encrypt the symmetric key used in data encryption, but the key size and the ciphertext size of RSA created a memory issue, so I searched other methods of public key cryptography for the solution. I found elliptic curve integrated encryption scheme (ECIES) and understand the theory behind it, however, I am a bit unclear that how this method be used as public/asymmetric encryption algorithm. The method computes the symmetric encryption with the key derived from the shared secret for both encryption and decryption (using the same key).

So how could it be taken as an asymmetric encryption algorithm? Or Is there any method to implement it as asymmetric encryption?


Solution

  • Meta: this isn't really a programming or development question or problem. It probably belongs on crypto.SX; you might ask for migration.

    To be exact, ECIES is a hybrid public-key encryption scheme, but so are most others. For example RSA is commonly used, just as you said, to encrypt a working (per-message) symmetric key, not to directly encrypt data.

    Paraphrasing the wikipedia description:

    1. (Usually in advance) Bob generates a (static) keypair and publishes the publickey authentically (for example using a certificate)

    2-5. Alice generates an ephemeral keypair, derives the shared DEK, and encrypts the data, and sends it with her ephemeral publickey (edit) and destroys the ephemeral privatekey

    1. Bob uses his privatekey to derive the DEK and decrypts the data

    ADDED, and expanded below, per comments: Yes the DEK is the same at both ends (notice I used 'the' meaning one and not several) and that's why this scheme works; and the part of ECIES that uses DEK for data encryption and decryption is symmetric, but all the other operations (which securely create the ephemeral shared DEK) are not.

    It is vital no one besides Alice (or Bob) learns her ephemeral privatekey; if they do they can decrypt. But she doesn't need to explicitly keep it secret because she destroys it immediately after using it to send a message; that's what ephemeral means.

    Let's see:

    Consider the properties of a standard/traditional symmetric scheme instead:

    ECIES has none of these properties of a conventional or symmetric system, and all of the properties of a publickey or asymmetric system above, although it does also use some symmetric operations along with its asymmetric operations.

    And that's why it sounds like (hybrid) public-key encryption to me!