Is there any way to implement encryption/decryption using ECC, like RSA does? Fo

Question

Is there any way to implement encryption/decryption using ECC, like RSA does? For example, say some user wants to send a message containing a symmetric key to user X. Then, in RSA, I could just encrypt the symmetric key using X's public key, and only X can decrypt using his private key. In my particular application, it's important that the receiver does not know the sender's public key.

However, in ECC (at least using OpenSSL), I've only seen support for signing and DH.

I've done some research on ElGamal encryption, but I think I read that the encrypted message is doubled in size. I would like to use 256 bit ECC to encrypt a 256 bit plaintext to a 256 bit ciphertext.

Thanks in advance to anyone who can help.

Explanation / Answer

ECDH is sufficient: once you have done the key exchange, you can use the resulting key with a symmetric encryption algorithm. This is called hybrid encryption and it is desirable anyway, even with RSA, since it allows to bypass the size limitation of RSA encryption (RSA-2048 cannot encrypt more than 245 bytes) and allows for addition integrity protection against active attackers (if the symmetric encryption mechanism includes a MAC,

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.