Integrated Encryption Scheme (IES) is a hybrid encryption scheme which provides semantic security against an adversary who is allowed to use chosen-plaintext and chosen-ciphertext attacks. The security of the scheme is based on the Diffie–Hellman problem. Two incarnations of the IES are standardized: Discrete Logarithm Integrated Encryption Scheme (DLIES) and Elliptic Curve Integrated Encryption Scheme (ECIES), which is also known as the Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme. These two incarnations are identical up to the change of an underlying group and so to be concrete we concentrate on the latter.
Contents
Information required
To send an encrypted message to Bob using ECIES, Alice needs the following information:
Encryption
To encrypt a message
- generates a random number
r ∈ [ 1 , n − 1 ] and calculatesR = r G ; - derives a shared secret:
S = P x P = ( P x , P y ) = r K B P ≠ O ); - uses KDF to derive a symmetric encryption and a MAC keys:
k E ∥ k M = KDF ( S ∥ S 1 ) ; - encrypts the message:
c = E ( k E ; m ) ; - computes the tag of encrypted message and
S 2 d = MAC ( k M ; c ∥ S 2 ) ; - outputs
R ∥ c ∥ d .
Decryption
To decrypt the ciphertext
- derives the shared secret:
S = P x P = ( P x , P y ) = k B R (it is the same as the one Alice derived becauseP = k B R = k B r G = r k B G = r K B P = O ; - derives keys the same way as Alice did:
k E ∥ k M = KDF ( S ∥ S 1 ) ; - uses MAC to check the tag and outputs failed if
d ≠ MAC ( k M ; c ∥ S 2 ) ; - uses symmetric encryption scheme to decrypt the message
m = E − 1 ( k E ; c ) .