ECDH
ECDH is the Diffie-Hellman Key Exchange over an Elliptic Curve. The purpose of the algorithm is to create a shared key between two parties without prior shared information. The protocol does not provide any guarantee on who you are talking to, but Ephemeral Diffie-Hellman or a combination with other authentication schemes can be used to augment the protocol with such guarantees.
The protocol is simple in that each side generates a public value for the other party and then uses their own private value combined with the other party's public value to create a shared secret. For general ECDH, a new key should be generated for each communication to ensure freshness of the session key, although Ephemeral Diffie-Hellman fixes one of the keys to get authentication, typically of the server.
Creating a Shared Secret
To create a shared secret, each SDK first generates a key by calling the following method:
client.ECDH().GenerateKey(ctx, sessionConfig, threshold, curveName, desiredKeyID)
Once the key has been generated, the public key needs to be exported for the other party:
publicKey, err := client.ECDH().PublicKey(ctx, keyID)
This only requires one MPC node, but checking all nodes will prevent a single node from returning a wrong public key.
The public key is then sent to the other party, and the other party sends its public key. Upon receiving the other party's public key (peerPublicKey), each SDK computes its partial secret by calling the following method:
partialSecret, err := client.ECDH().ComputeSecret(ctx, sessionConfig, keyID, peerPublicKey, nonce)
The nonce is chosen for each call to ensure that communication is not replayed.
When all the partial secrets have been collected, they can be combined into the secret shared with the other party:
secretShares := [][]byte{partialSecret1, partialSecret2, ...}
secret, err := tsm.ECDHFinalizeComputeSecret(nonce1, secretShares)
Compatibility Options
The X25519 scheme uses the twisted curve, whereas the MPC nodes use the Edwards curves in, e.g., public keys. This means that when interacting with the X25519 protocol, the JSON public keys must be converted to or from the keys used by X25519. This can be done with the following utility methods:
x25519PublicKey, err := tsm.ECDHJSONPublicKeyToX25519(jsonPublicKey)
jsonPublicKey, err = tsm.ECDHX25519ToJSONPublicKey(x25519PublicKey)
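To show what a conversion between the two key representations involves, the following added example (not the SDK's code, and not using the TSM JSON key format) applies the standard birational map from a compressed Edwards25519 point to an X25519 u-coordinate and cross-checks it against Go's standard library. That the SDK utilities perform this same map is an assumption; EdwardsToMontgomery and CrossCheck are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/sha512"
	"fmt"
	"math/big"
)

var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19)) // 2^255 - 19

// reverse returns a reversed copy (keys are little-endian, big.Int is big-endian).
func reverse(b []byte) []byte {
	out := make([]byte, len(b))
	for i := range b {
		out[len(b)-1-i] = b[i]
	}
	return out
}

// EdwardsToMontgomery computes u = (1+y)/(1-y) mod p; it does not check curve membership.
func EdwardsToMontgomery(edPub []byte) ([]byte, error) {
	if len(edPub) != 32 {
		return nil, fmt.Errorf("public key must be 32 bytes, got %d", len(edPub))
	}
	yb := reverse(edPub)
	yb[0] &= 0x7f // clear the sign bit of x; only y is used
	y := new(big.Int).SetBytes(yb)
	den := new(big.Int).Mod(new(big.Int).Sub(big.NewInt(1), y), p)
	if y.Cmp(p) >= 0 || den.Sign() == 0 {
		return nil, fmt.Errorf("non-canonical y, or y = 1 (no Montgomery image)")
	}
	u := new(big.Int).Add(big.NewInt(1), y)
	u.Mul(u, new(big.Int).ModInverse(den, p)).Mod(u, p)
	return reverse(u.FillBytes(make([]byte, 32))), nil
}

// CrossCheck: both schemes clamp SHA-512(seed)[:32], so the keys must agree.
func CrossCheck(seed []byte) bool {
	h := sha512.Sum512(seed)
	xPriv, err1 := ecdh.X25519().NewPrivateKey(h[:32])
	u, err2 := EdwardsToMontgomery(ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey))
	return err1 == nil && err2 == nil && bytes.Equal(u, xPriv.PublicKey().Bytes())
}

func main() { // the 0x42-filled seed is a constructed sample value
	fmt.Println("match:", CrossCheck(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)))
}
```

The reverse direction, y = (u-1)/(u+1), cannot recover the sign of the Edwards x-coordinate, so a round trip through X25519 form does not identify a unique Edwards point.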
