Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Assume: + Alice and Bob both generate separate EC keypairs + Alice obtains Bob\'

ID: 648392 • Letter: A

Question

Assume:

+ Alice and Bob both generate separate EC keypairs

+ Alice obtains Bob's public key, and together with her private key creates a shared secret key

+ Alice encrypts a message using the shared key and some mode of authenticated encryption (AES-GCM, for example)

+ Bob generates the same shared secret key using his private key and Alice's public key

+ Bob decrypts the message, paying attention to whether or not the auth-tag is valid

My question is; if Bob is confident that Alice's public key really belongs to Alice, then can he be confident that it was Alice who encrypted the message? Or to put it another way, in this scenario does the auth-tag effectively serve as a signature created with a public-key? Intuitively I want to say yes, but I just want to make sure I'm not overlooking anything.

Explanation / Answer

It depends on exactly what protocol you're asking about.

ECIES as design gives no assurance to Bob that the message really came from Alice.

This is, with standard ECIES, Alice does not use her private key -- instead, everything that Alice does (encrypt using Bob's public key) could have been done equally well by someone else - hence, Bob has no cryptographical assurance that the message really came from Alice.

Remember, ECIEC is designed to be a public key encryption system; that's precisely what it does, and public key encryption does not necessarily imply sender authentication.

On the other hand, you state "Alice obtains Bob's public key, and together with her private key creates a shared secret key"; you might by that mean that you don't use standard ECIES; instead of the random number, she uses her ECIES private key.

With that modification, it turns out that the protocol is still secure, and in fact does give source authentication; a message from Alice to Bob can be generated by either Alice or Bob, but no one else without Alice or Bob's private key. In addition, in IES, it's optional whether you use a nonce to stir into the KDF -- with this modification, its use is strongly recommended -- otherwise, any message between Alice and Bob will use the same symmetric key, and that's worth avoiding.

Related Questions

Assume you work for a company that produces golf carts sold throughout the world
Question #2529581
Assume you work for a company that produces golf carts sold throughout the world
Question #2567413
Assume you work for a company that redesigns existing products to improve them,
Question #369116
Assume you work for an airline company and you need to assign aircraft to a set
Question #2247368
Assume you work in a museum and you have been asked to developa system that char
Question #3618061
Assume you work in a tutoring center, which operates Mon-Wed. The center keeps t
Question #3621822
Assume you work in the HRD function for a large manufacturing facility. Employee
Question #471642
Assume you work in the sales department for a manufacturer of prescription drugs
Question #351020
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Assume, that a 25 lbs. bag of NaCl is applied to every 50kg ice on a road. As th
Next
Assume: It is 5-10 years in the future and you have just been appointed to a hig

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.