Discrete Logarithm Integrated Encryption Scheme

From Crypto++ Wiki
Jump to navigation Jump to search

Discrete Logarithm Integrated Encryption Scheme, or DLIES (formerly named DHES and DHAES), is a hybrid encryption system proposed by Abdalla, Bellare and Rogaway. DLIES has been standardized in ANSI X9.63, IEEE 1363a, and ISO/IEC 18033-2. The authors' submission can be found at http://cseweb.ucsd.edu/~mihir/papers/dhies.html.

DLIES combines a Key Encapsulation Mechanism (KEM) with a Data Encapsulation Mechanism (DEM). The system independently derives a bulk encryption key and a MAC key from a common secret. Data is first encrypted under a symmetric cipher, and then the cipher text is MAC'd under an authentication scheme. Finally, the common secret is encrypted under the public part of a public/private key pair. The output of the encryption function is the tuple [math]\displaystyle{ \{K,C,T\} }[/math], where [math]\displaystyle{ K }[/math] is the encrypted common secret, [math]\displaystyle{ C }[/math] is the ciphertext, and [math]\displaystyle{ T }[/math] is the authentication tag. There is some hand waiving around the "common secret" since its actually the result of applying a Key Agreement function, and it uses the other party's static public key and an ephemeral key pair.

If you are trying to inter-operate and Crypto++ lacks a patch for you, then please visit A Comparison of the Standardized Versions of ECIES. It describes the differences between many of the standardized integrated encryption schemes. Martínez, Alvarez, Encinas, and Ávila do a good job at describing them in an easy to digest format.

Abdalla, Bellare and Rogaway's scheme is similar to Elliptic Curve Integrated Encryption Scheme. DLIES operates over a field of integers, while ECIES operates over a field of elliptic curves.


DLIES is typedef'd as a templated structure in gfpcrypt.h:

template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
struct DLIES
    : public DL_ES<
        DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
        DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
        DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
    DLIES<> >
    static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";}

The template parameters include COFACTOR_OPTION and DHAES_MODE. Greater efficiency can be achieved by selecting COFACTOR_OPTION = IncompatibleCofactorMultiplication and DHAES_MODE = false.

DHAES_MODE = true provides the best security. The greater security is achieved by including the ephemeralPublicKey in the key derivation function, and the size of the encodingParameters in the authenticator function.


No downloads.