sandeep_banisetti February 2016

Key derivation function for Shared secret generated by diffie hellman key exchange

How do i use the shared secret genrated by diffie hellman key exchange further, for key derivation function.

This is my code:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDH", "BC");

        ECGenParameterSpec ecsp;
        ecsp = new ECGenParameterSpec("secp192r1");

        keyGen.initialize(ecsp, new SecureRandom());
        // Generate RSA Assymetric KeyPair
        KeyPair alice_pair = keyGen.generateKeyPair();
        // Extract Public Key
        PublicKey alice_pub =  alice_pair.getPublic();
        // Extract Private Key
        PrivateKey alice_pvt = alice_pair.getPrivate();

  KeyAgreement alice_agreement =    KeyAgreement.getInstance("ECDH","BC");
        alice_agreement.init(alice_pair.getPrivate());
        alice_agreement.doPhase(bob_pub, true);
        byte[] alice_secret = alice_agreement.generateSecret();
        SecretKeySpec alice_aes = new SecretKeySpec(alice_secret, "AES");

        // Create KeyAgreement for Bob
        KeyAgreement bob_agreement = KeyAgreement.getInstance("ECDH","BC");
        bob_agreement.init(bob_pvt);
        bob_agreement.doPhase(alice_pub, true); 

Can the shared secret can be ECC curve point?

Answers


vojta February 2016

The resulting shared secret is always a curve point. That is why you shouldn't work with the ECDH secret directly, because just a few secrets from the whole space of all secrets are curve points and some bits from the result are "weak" - predictable with the knowledge of the chosen elliptic curve.

You should do following steps to get a secret AES key:

  1. Hash the result of ECDH with some secure hash algorithm (SHA256, SHA512).
  2. Take the first 16 bytes of the hash
  3. Create an AES key.

Note:

You are using Bouncy Castle crypto provider. According to its documentation and the source code, the shared secret result you get is the X affine coordinate of your desired EC point (an instance of java.math.BigInteger) encoded as a byte array.

Post Status

Asked in February 2016
Viewed 3,173 times
Voted 9
Answered 1 times

Search




Leave an answer