I would like to marry ECIES to a scheme based on PBKDF2. Effectively, I want the Key Encapsulation Mechanism to use Diffie-Hellman, but rather than encrypting the seed material with the recipient's public key, I want to use a KDF to mask what remains.

"What remains" has a lot of hand waving, but I think the natural way to approach it is to embed a temporary EC private key and encrypt it using the KDF function. Then, the software would decrypt the EC private key and proceed as normal in ECIES.

Is anyone aware of such a scheme? (I prefer something that's been standardized).

  • Is "the seed material" the plaintext or the password or something else? If it's the password, then is the password held by the sender or the receiver or as a password-and-[verifier](http://security.stackexchange.com/q/41447/49075)? –  Jun 18 '15 at 23:23
  • @Ricky - you can find Shoup's paper here: [A Proposal for an ISO Standard for Public Key Encryption](http://www.shoup.net/papers/iso-2_1.pdf). –  Jun 18 '15 at 23:51

0 Answers