Both parties uses Curve 25519 key pairs for ECDH key exchange. What is the key length of shared secret after ECDH?
Asked
Active
Viewed 2,947 times
1
-
Hint: Of what type is a DH shared secret usually? How big is that type for Curve25519? – SEJPM May 11 '20 at 09:19
-
@SEJPM: the standard 32-byte curve25519 for ecdh – TJCLK May 11 '20 at 09:29
1 Answers
6
In this paper you can find nearly everything about Curve25519. In the section "Specification" you find the answer:
{Curve25519 secret keys} × {Curve25519 public keys} → {Curve25519 public keys}
this is the function, which is calculated for a key exchange. So the shared secret key has the same properties as the public keys:
{ $q: q \in ${ $0,1,...,2^{256 - 1}$}}
This matches, what Bernstein says in the introduction: The key length (for both public and private) are 32 byte long. And in that format they are stored. In other words every key is 256 bits long.
In this post you see an example for these keys.
