# Discrete Logarithm Integrated Encryption Scheme

Discrete Logarithm Integrated Encryption Scheme, or DLIES (formerly named DHES and DHAES), is a hybrid encryption system proposed by Abdalla, Bellare and Rogaway. DLIES has been standardized in ANSI X9.63, IEEE 1363a, and ISO/IEC 18033-2. The authors' submission can be found at http://cseweb.ucsd.edu/~mihir/papers/dhies.html.

DLIES combines a Key Encapsulation Mechanism (KEM) with a Data Encapsulation Mechanism (DEM). The system independently derives a bulk encryption key and a MAC key from a common secret. Data is first encrypted under a symmetric cipher, and then the ciphertext is MAC'd under an authentication scheme. Finally, the common secret is encrypted under the public part of a public/private key pair. The output of the encryption function is the tuple `{K,C,T}`, where K is the encrypted common secret, C is the ciphertext, and T is the authentication tag. There is some hand waving around the "common secret", since it is actually the result of applying a Key Agreement function, and it uses the static public key and an ephemeral key pair.

If you are trying to interoperate and Crypto++ lacks a patch for you, then please visit *A Comparison of the Standardized Versions of ECIES*. It describes the differences between many of the standardized integrated encryption schemes. Martínez, Alvarez, Encinas, and Ávila do a good job of describing them in an easy-to-digest format.

Abdalla, Bellare and Rogaway's scheme is similar to Elliptic Curve Integrated Encryption Scheme. DLIES operates over a field of integers, while ECIES operates over a field of elliptic curves.

## DLIES

DLIES is `typedef`'d as a templated structure in `gfpcrypt.h`:

```cpp
template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
struct DLIES
    : public DL_ES<
        DL_CryptoKeys_GFP,
        DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
        DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
        DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
        DLIES<> >
{
    static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";}
};
```

The template parameters include `COFACTOR_OPTION` and `DHAES_MODE`. Greater efficiency can be achieved by selecting `COFACTOR_OPTION = IncompatibleCofactorMultiplication` and `DHAES_MODE = false`.

`DHAES_MODE = true` provides the best security. The greater security is achieved by including the `ephemeralPublicKey` in the key derivation function, and the size of the `encodingParameters` in the authenticator function.
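
To make the `{K,C,T}` structure and the effect of `DHAES_MODE` concrete, the following is a simplified Python model of the scheme, added here as an example; it is not Crypto++ code and is not wire-compatible with Crypto++ or the standards. The toy group, the byte layout of the KDF and MAC inputs, the 16-byte MAC key and all function names are assumptions. The private key is forced even so that `K` and `p - K` produce the same shared secret, which shows whether the derived keys are bound to `K`.

```python
import hashlib, hmac, secrets

# Toy group constructed for this example: p = 2**521 - 1 (a Mersenne prime), g = 3.
# Assumption for illustration only; not a parameter set for real use.
P, G = 2**521 - 1, 3
PLEN = (P.bit_length() + 7) // 8

def i2b(n):
    return n.to_bytes(PLEN, "big")

def kdf2_sha1(z, length):
    # KDF2-style expansion: SHA1(z || 32-bit counter), counter starting at 1.
    out, ctr = b"", 1
    while len(out) < length:
        out += hashlib.sha1(z + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def derive(shared, eph_pub, n, dhaes_mode):
    # DHAES mode binds the ephemeral public key K into the KDF input.
    z = (i2b(eph_pub) if dhaes_mode else b"") + i2b(shared)
    keys = kdf2_sha1(z, n + 16)
    return keys[:n], keys[n:]  # (XOR keystream, MAC key)

def tag(mac_key, c, params, dhaes_mode):
    # DHAES mode also authenticates the length of the encoding parameters.
    suffix = len(params).to_bytes(8, "big") if dhaes_mode else b""
    return hmac.new(mac_key, c + params + suffix, hashlib.sha1).digest()

def encrypt(pub, msg, params=b"", dhaes_mode=True):
    k = secrets.randbelow(P - 3) + 2           # ephemeral private key
    K = pow(G, k, P)                           # ephemeral public key
    enc_key, mac_key = derive(pow(pub, k, P), K, len(msg), dhaes_mode)
    C = bytes(a ^ b for a, b in zip(msg, enc_key))
    return K, C, tag(mac_key, C, params, dhaes_mode)

def decrypt(priv, K, C, T, params=b"", dhaes_mode=True):
    enc_key, mac_key = derive(pow(K, priv, P), K, len(C), dhaes_mode)
    if not hmac.compare_digest(T, tag(mac_key, C, params, dhaes_mode)):
        return None                            # authentication failed
    return bytes(a ^ b for a, b in zip(C, enc_key))

def demo(dhaes_mode):
    priv = 2 * (secrets.randbelow(P // 4) + 1)  # even, so (P - K)**priv == K**priv mod P
    K, C, T = encrypt(pow(G, priv, P), b"example message", b"hdr", dhaes_mode)
    # Decrypt the tuple as sent, then the same C and T with K replaced by P - K.
    return (decrypt(priv, K, C, T, b"hdr", dhaes_mode),
            decrypt(priv, P - K, C, T, b"hdr", dhaes_mode))
```

`demo(False)` returns the plaintext for both the original and the altered `K`, while `demo(True)` returns the plaintext and `None`, because the altered `K` changes the derived keys and the tag no longer verifies.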