In RSA, you can only encrypt a handful of bytes with the public key. I think the limit is 512 bytes for a 4096-bit RSA key. So what RSA encrypts is a symmetric key (e.g. AES-256), which is what encrypts your data.

My memory on ECC hasn't been burned into my brain as heavily, but I recall it being basically the same overall process, of encrypting a symmetric key, not the message.

A quick search shows that the encryption key and decryption key are the same, which confirms it's symmetric (by definition). https://cryptobook.nakov.com/asymmetric-key-ciphers/ecc-encryption-decryption

All the ECC algorithms (ed25519, secp, etc) are going to be basically the same. It's just the curve that is changing.

Good luck with whatever you're working on.

Discussion

Yep, that was convenient how PGP did it, encrypting the symmetric key to each recipient in the header of the encrypted message. But ECC keys don't work like RSA keys, and encryption has to be done with Diffie-Hellman key exchange to agree upon a shared secret which might then be used for XChaCha20Poly1305 or AES or whatever. And for some security reason you can't use that same shared secret twice (or so I am cautioned by the crypto libraries I'm reading the docs in).

nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc gave me a good lead.
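
Added example, not part of either post above and not taken from any library mentioned in the thread: the PGP-style layout the reply describes (one encrypted body, with the symmetric key wrapped to each recipient in a header), using Diffie-Hellman with a fresh ephemeral key per recipient so no two messages share a secret. It assumes X25519 keys and Node's built-in `crypto`, and uses AES-256-GCM where the reply mentions XChaCha20Poly1305; the function names, the `INFO` label and the envelope layout are hypothetical.

```javascript
// Hybrid encryption sketch using Node's built-in crypto: X25519 + HKDF + AES-256-GCM.
const nc = require('node:crypto');

const INFO = Buffer.from('example-wrap-v1'); // constructed context label (assumption)

// AES-256-GCM helpers; aad is authenticated but not encrypted.
function aeadSeal(key, plaintext, aad) {
  const nonce = nc.randomBytes(12);
  const c = nc.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}
function aeadOpen(key, box, aad) {
  const d = nc.createDecipheriv('aes-256-gcm', key, box.nonce);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// The raw ECDH output is fed through HKDF (salted with the ephemeral public key)
// so every message gets its own wrapping key.
function wrapKey(privateKey, publicKey, ephPub) {
  const shared = nc.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nc.hkdfSync('sha256', shared, ephPub, INFO, 32));
}

// Encrypt the body once under a random content key, then wrap that key per recipient.
function sealTo(recipientPublicKeys, plaintext) {
  const contentKey = nc.randomBytes(32);
  const header = recipientPublicKeys.map((pub) => {
    const eph = nc.generateKeyPairSync('x25519'); // fresh for every recipient and message
    const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
    return { ephPub, ...aeadSeal(wrapKey(eph.privateKey, pub, ephPub), contentKey, ephPub) };
  });
  return { header, body: aeadSeal(contentKey, plaintext, INFO) };
}

// A recipient tries each header entry; only the one wrapped to their key authenticates.
function openAs(privateKey, envelope) {
  for (const entry of envelope.header) {
    const ephKey = nc.createPublicKey({ key: entry.ephPub, format: 'der', type: 'spki' });
    let contentKey;
    try { contentKey = aeadOpen(wrapKey(privateKey, ephKey, entry.ephPub), entry, entry.ephPub); }
    catch (_) { continue; } // wrapped to someone else
    return aeadOpen(contentKey, envelope.body, INFO);
  }
  throw new Error('no header entry opens with this key');
}
```

Recipient key pairs come from `nc.generateKeyPairSync('x25519')`; `openAs` throws when given a private key that none of the header entries was wrapped to.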