DIDComm hybrid encryption with ECDH-1PU

Hybrid encryption

Hybrid encryption [1] is a prevalent encryption scheme that combines the ability of public-key cryptography to communicate securely without the need for a shared secret, with the resource efficiency of symmetric encryption.

By using public-key cryptography to establish symmetric keys, this scheme can leverage the strengths of both cryptosystems.

ECDH-1PU

Elliptic Curve Diffie-Hellman One-Pass Unified Model (ECDH-1PU) is a key exchange mechanism closely related to ECDH-ES.

Despite being a non-ratified standard, ECDH-1PU is used by the DIDComm Messaging protocol to implement its authcrypt hybrid encryption mechanism.

Compared to ECDH-ES, ECDH-1PU performs an additional static-static Diffie-Hellman exchange alongside the ephemeral-static one.

The approach is based on the One-Pass Unified Model scheme as defined by NIST’s Recommendation for Pair-Wise Key-Establishment Schemes [2].

In ECDH-1PU, the secret from the ECDH-ES ephemeral-static exchange is combined with an additional secret obtained from a static-static key agreement between the static private keys of sender and recipient.

This scheme illustrates how several Diffie-Hellman exchanges can be combined so that the result benefits from the properties of each.

Compared to using signatures in a nested sign-then-encrypt construction, ECDH-1PU authenticates the peers while preserving message repudiation, and it is more space efficient because it avoids nested JOSE structures [3].

Like ECDH-ES, the ECDH-1PU scheme can be used asynchronously. Since the recipient does not contribute ephemeral material, the sender can complete the exchange knowing the recipient’s public key alone.

ECDH-1PU encryption mechanism

References