EC Diffie-Hellman (CSNDEDH) • The EC Diffie-Hellman (CSNDE…

metamitya ·

EC Diffie-Hellman (CSNDEDH)

• The EC Diffie-Hellman (CSNDEDH) verb generates symmetric key material using the Elliptic Curve Diffie-Hellman (ECDH) protocol from various input sources.
• Symmetric key material is derived from a pair of elliptic curve cryptography (ECC) keys, resulting in a secret output known as the "Z" value.
• The verb supports hybrid quantum-safe key exchange schemes, incorporating CRYSTALS-Kyber or AES encrypted values along with ECC keys.
• ECDH enables two parties with ECC public-private key pairs to establish a shared secret over an insecure channel, which is then used to create a symmetric key.
• Both parties must use the same elliptic curve domain parameters and set their key-usage fields for key establishment.
• Supported elliptic curve types include Brainpool, Prime, Edwards, and Koblitz, with various specified key sizes.
• The rule-array keywords define required and optional parameters for key agreement, transport key types, output key types, and key-wrapping methods.
• Internal or external ECC key-tokens must include the private and public keys of the parties involved in the key agreement process.
• Party information data must comply with NIST and ANS standards, with lengths ranging from 8 to 256 bytes.
• The output key material can vary from 64 to 256 bits and must be placed in a designated output key-token.
• The skeleton key-token for output must be either an AES or DES key, with specific formats for legacy and variable-length tokens.
• Both parties can define their key-usage fields and control vector bits, but must use identical skeleton key tokens for consistent key derivation.
• If the skeleton key-token is external, the internal Key Encryption Key (KEK) used to wrap the output key-token must be specified.
• The output from the verb can include internal or external CCA tokens, the "Z" secret material, or symmetric key material from a quantum-safe hybrid key exchange.
• The PASSTHRU service allows users to implement custom key completion processes, but returning the clear "Z" material to applications poses security risks.
• Future key derivations using ECC keys previously utilized in PASSTHRU are deemed to have lower security, and reusing the same keys for both processes is discouraged.
• For more information, refer to EC Diffie-Hellman key agreement models and hybrid quantum-safe key exchange schemes.