Computes a shared secret field element by using the Diffie-Hellman scheme and the elliptic curve cofactor.
- Pointer to your own private keyprivKey.
- Pointer to the public keypubKey.
- Pointer to the secret numberbnShare.
- Pointer to the context of the elliptic cryptosystem.
The function computes a secret number
bnSharewhich is a secret key shared between two participants of the cryptosystem. Both participants (Alice and Bob) use the cryptosystem for getting a common secret point on the elliptic curve by using the Diffie-Hellman scheme and elliptic curve cofactor
Alice and Bob perform the following operations:
- Alice calculates her own public keypubKeyAby using her private keyprivKeyA:pubKeyA = privKeyA·G, whereGis the base point of the elliptic curve. Alice passes the public key to Bob.
- Bob calculates his own public keypubKeyBby using his private keyprivKeyB:pubKeyB = privKeyB·G, whereGis a base point of the elliptic curve. Bob passes the public key to Alice.
- Alice gets Bob's public key and calculates the secret pointshareA. When calculating, she uses her own private key and Bob's public key and applies the following formula:shareA =h·privKeyA·pubKeyB =h·privKeyA·privKeyB·G, wherehis the elliptic curve cofactor.
- Bob gets Alice's public key and calculates the secret pointshareB. When calculating, he uses his own private key and Alice's public key and applies the following formula:shareB =h·privKeyB·pubKeyA =h·privKeyB·privKeyA·G, wherehis the elliptic curve cofactor.
bnShareis an x-coordinate of the secret point on the elliptic curve.
- Indicates no error. Any other value indicates an error or warning.
- Indicates an error condition if any of the specified pointers isNULL.
- Indicates an error condition if one of the contexts pointed bypPublicB,pShare, orpECCis not valid.
- Indicates an error condition if the memory size ofbnSharepointed bypShareis less than the value offeBitSizein the functionECCPInit.
- Indicates an error condition if the shared secret key is not valid. (For example, the shared secret key is invalid if the result of the secret point calculation is the point at infinity.)