
# ECDH Key Exchange

**ECDH** (Elliptic Curve Diffie–Hellman Key Exchange) is an **anonymous key agreement scheme**, which allows two parties, each having an elliptic-curve public–private key pair, to establish a **shared secret** over an insecure channel. **ECDH** is very similar to the classical **DHKE** (Diffie–Hellman Key Exchange) algorithm, but it uses **ECC point multiplication** instead of **modular exponentiations**. ECDH is based on the following property of EC points:

- (**a** * **G**) * **b** = (**b** * **G**) * **a**

If we have two **secret numbers** **a** and **b** (two **private keys**, belonging to Alice and Bob) and an ECC elliptic curve with generator point **G**, we can exchange over an insecure channel the values (**a** * **G**) and (**b** * **G**) (the **public keys** of Alice and Bob) and then we can derive a shared secret: **secret** = (**a** * **G**) * **b** = (**b** * **G**) * **a**. Pretty simple. The above equation takes the following form:

- alicePubKey * bobPrivKey = bobPubKey * alicePrivKey = **secret**

The **ECDH** algorithm (Elliptic Curve Diffie–Hellman Key Exchange) is trivial:

- **Alice** generates a **random** ECC key pair: {**alicePrivKey**, **alicePubKey** = alicePrivKey * G}
- **Bob** generates a **random** ECC key pair: {**bobPrivKey**, **bobPubKey** = bobPrivKey * G}
- Alice and Bob **exchange their public keys** through the insecure channel (e.g. over Internet)
- **Alice** calculates **sharedKey** = bobPubKey * alicePrivKey
- **Bob** calculates **sharedKey** = alicePubKey * bobPrivKey
- Now both **Alice** and **Bob** have the same **sharedKey** == bobPubKey * alicePrivKey == alicePubKey * bobPrivKey

In the next section, we shall implement the ECDH algorithm and demonstrate it with a code example.