
After @faisalamin shared her solution Private Messaging – End-to-End Encryption, I decided to explain end-to-end encryption because I have worked with end-to-end solutions before.
End-to-end encryption is now very important for secure communications in the digital world. In this post, I will explain how end-to-end encryption works, show the math behind Elliptic Curve Diffie-Hellman (ECDH) key exchange, and look at a real example using blockchain memo keys.
What is End-to-End Encryption?
End-to-end encryption (E2EE) makes sure that only the users talking to each other can read the messages between them. No one else, not even the service provider, can see the communication content.
How E2EE Works in General:
- Key Generation: Each user has a key pair: a public key (which can be shared) and a private key (which stays secret)
- Key Exchange: Users exchange public keys
- Shared Secret Creation: Each user combines their own private key with the other user's public key to produce the same shared secret
- Message Encryption: The sender encrypts messages using the shared secret
- Message Decryption: The receiver decrypts messages using the same shared secret
The most important thing in E2EE is that private keys never leave their owners' devices, so only the intended people can decrypt messages.
Understanding Elliptic Curve Diffie-Hellman (ECDH)
ECDH is a way for two people to create a secret key together, even over a channel that is not safe.
It is built on elliptic curve cryptography, which is strong and needs shorter keys than older methods.
With ECDH, two people can talk in secret, and no one else can learn what they say. This is good for keeping things private on the internet.
The Mathematics Behind ECDH (Simplified)
Imagine User1 and User2 want to talk securely:
Setup: They agree on the same elliptic curve E and a point G on that curve.
Key Generation:
- User1 picks a random private key a and computes the public key A = a·G
- User2 picks a random private key b and computes the public key B = b·G
Key Exchange:
- User1 sends A to User2
- User2 sends B to User1
Shared Secret Calculation:
- User1 computes S = a·B = a·(b·G) = (a·b)·G
- User2 computes S = b·A = b·(a·G) = (b·a)·G = (a·b)·G
Both User1 and User2 now have the same point S on the curve. Usually, the x-coordinate of this point becomes the shared secret.
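The arithmetic above, carried through with real numbers (an added example, not code from the original post or from dsteem). It assumes the secp256k1 curve, which the text does not name, and the function names and the sample private keys a and b are constructed for illustration.

```javascript
// secp256k1 domain parameters (assumed curve; the post only names "curve E")
const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // order of G
const G = {
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};

const mod = (v, m = P) => ((v % m) + m) % m;

// Modular inverse by Fermat's little theorem: v^(P-2) mod P
function inv(v) {
  let result = 1n;
  let base = mod(v);
  for (let e = P - 2n; e > 0n; e >>= 1n) {
    if (e & 1n) result = (result * base) % P;
    base = (base * base) % P;
  }
  return result;
}

// Add two curve points; null stands for the point at infinity
function add(p, q) {
  if (p === null) return q;
  if (q === null) return p;
  if (p.x === q.x && mod(p.y + q.y) === 0n) return null; // q = -p
  const slope = p.x === q.x
    ? mod(3n * p.x * p.x * inv(2n * p.y)) // tangent (doubling)
    : mod((q.y - p.y) * inv(q.x - p.x)); // chord
  const x = mod(slope * slope - p.x - q.x);
  return { x, y: mod(slope * (p.x - x) - p.y) };
}

// k·pt by double-and-add (not constant-time: for study, not for real keys)
function multiply(k, pt) {
  let acc = null;
  for (let addend = pt; k > 0n; k >>= 1n) {
    if (k & 1n) acc = add(acc, addend);
    addend = add(addend, addend);
  }
  return acc;
}

// Constructed sample private keys (any integers in [1, N-1] would do)
const a = 0x1f2e3d4c5b6a79880123456789abcdefn;
const b = 0x0fedcba98765432100112233445566778899n;
const A = multiply(a, G); // User1's public key A = a·G
const B = multiply(b, G); // User2's public key B = b·G
const sharedX = (priv, pub) => multiply(priv, pub).x; // x-coordinate of S
```

Here `sharedX(a, B)` and `sharedX(b, A)` give the same value, which is also the x-coordinate of (a·b)·G.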
Why This Works and Is Secure
ECDH security depends on the elliptic curve discrete logarithm problem: given points G and P = n·G on an elliptic curve, it is very hard to find n if the curve is good and n is big enough.
So even if an attacker sees the public keys A and B, they cannot find the private keys a and b, and cannot calculate the shared secret.
A Practical Implementation: Memo-Based End-to-End Encryption in SteemPro
The Memo Encryption Process

Let's look at how this works in the code at https://github.com/faisalamin9696/dsteem, the library used in the end-to-end messaging solution for SteemPro:
Initial Processing:
    // Check if message requires encryption
    if (!memo.startsWith('#')) {
      return memo
    }
    memo = memo.substring(1)
The # prefix shows that the message should be encrypted.
Key Processing:
    private_key = toPrivateObj(private_key) // Sender's private key
    public_key = toPublicObj(public_key) // Recipient's public key
Message Preparation:
    const mbuf = new ByteBuffer(ByteBuffer.DEFAULT_CAPACITY, ByteBuffer.LITTLE_ENDIAN)
    mbuf.writeVString(memo)
    const memoBuffer = Buffer.from(mbuf.copy(0, mbuf.offset).toBinary(), 'binary')
ECDH and Encryption:
    const { nonce, message, checksum } = Aes.encrypt(
      private_key,
      public_key,
      memoBuffer,
      testNonce
    )
Inside the AES encrypt function, the ECDH magic happens:
    // From crypto.ts
    get_shared_secret(public_key: PublicKey): Buffer {
      // KBP is the recipient's public key as a curve point (its decoding from
      // public_key is not shown in this excerpt); this.key is the sender's private key
      // Multiply recipient's public key with sender's private key
      const P = KBP.multiply(bigInteger.fromBuffer(this.key));
      // Get the x-coordinate as the shared point
      const S = P.affineX.toBuffer({ size: 32 });
      // Hash the shared point to get the final secret
      return sha512(S);
    }
This produces a shared secret that both people can calculate on their own. The encryption function then:
- Creates a nonce (a unique number used once)
- Derives encryption keys from the shared secret
- Uses AES-256-CBC to encrypt the message with the derived key
- Adds a checksum for checking
The Decryption Process
When decrypting:
- The receiver takes the encrypted memo and their private key
- The code finds the sender's public key from the memo data
- The same ECDH process produces an identical shared secret
- This secret is used to decrypt the message
    // Pick the other party's public key: if our key is `from`, use `to`,
    // otherwise use `from`
    const otherpub =
      pubkey === new PublicKey(from.key).toString()
        ? new PublicKey(to.key)
        : new PublicKey(from.key)
    // Decrypt using ECDH-derived shared secret
    memoBuffer = Aes.decrypt(private_key, otherpub, nonce, encrypted, check)
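The encryption and decryption steps above as one runnable sketch (an added example, not code from dsteem or SteemPro). It uses Node's built-in crypto module; the secp256k1 curve, the 8-byte nonce, the key/IV split and the 4-byte checksum are assumptions of this example, and all function names are hypothetical.

```javascript
const { createECDH, createHash, createCipheriv, createDecipheriv,
        randomBytes, timingSafeEqual } = require('node:crypto');

// Long-term memo key pair (hypothetical helper; secp256k1 is an assumption)
function newMemoKey() {
  const ecdh = createECDH('secp256k1');
  ecdh.generateKeys();
  return ecdh;
}

// sha512 over the x-coordinate of the ECDH point, as get_shared_secret does
function sharedSecret(myKey, theirPublic) {
  return createHash('sha512').update(myKey.computeSecret(theirPublic)).digest();
}

// Assumed derivation: sha512(nonce || secret) gives a 32-byte AES key and a
// 16-byte IV; the checksum is the first 4 bytes of sha256 over that material
function deriveKeys(secret, nonce) {
  const material = createHash('sha512').update(nonce).update(secret).digest();
  const checksum = createHash('sha256').update(material).digest().subarray(0, 4);
  return { key: material.subarray(0, 32), iv: material.subarray(32, 48), checksum };
}

function encryptMemo(senderKey, recipientPublic, text) {
  const nonce = randomBytes(8); // fresh per message, sent in the clear
  const { key, iv, checksum } = deriveKeys(sharedSecret(senderKey, recipientPublic), nonce);
  const cipher = createCipheriv('aes-256-cbc', key, iv);
  const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { nonce, checksum, encrypted };
}

function decryptMemo(myKey, otherPublic, { nonce, checksum, encrypted }) {
  const { key, iv, checksum: expected } = deriveKeys(sharedSecret(myKey, otherPublic), nonce);
  // A mismatch means this key pair did not produce the memo (e.g. a rotated key)
  if (!timingSafeEqual(checksum, expected)) throw new Error('checksum mismatch');
  const decipher = createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString('utf8');
}

// Constructed round trip: User1 encrypts for User2, User2 decrypts
const user1 = newMemoKey();
const user2 = newMemoKey();
const memo = encryptMemo(user1, user2.getPublicKey(), 'hello User2');
console.log(decryptMemo(user2, user1.getPublicKey(), memo)); // hello User2
```

The checksum in this sketch only confirms that both sides derived the same key; it does not authenticate the ciphertext. Decrypting with any key pair other than the two that produced the memo stops at the checksum step.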
Benefits of This Approach
This method has many good points:
- Cryptographic Strength: Uses good, strong crypto methods (ECDH, AES-256)
- Perfect Forward Secrecy: Old messages stay secure even if keys are found later
- No Key Distribution Problem: No need to share secret keys beforehand
- Blockchain Integration: Works well with the blockchain memo key system
Alternatives to ECDH in End-to-End Encryption
Besides ECDH, other approaches exist:
- RSA Key Exchange: Uses RSA asymmetric encryption for key exchange
- Signal Protocol: Uses Extended Triple Diffie-Hellman (X3DH) for the first key agreement
- Quantum-Resistant Algorithms: New solutions like lattice-based or hash-based cryptography
Conclusion
End-to-end encryption with ECDH is a mathematically sound way to communicate safely. Elliptic curves let two people communicate securely without sharing keys first.
The code we saw shows how the math ideas turn into real computer code. When we know both the ideas and the code, we see how cryptography keeps our messages safe.
If you are building a messaging app, working with blockchain, or just want to learn about cryptography, knowing ECDH helps you understand how security works today.
Don't forget to try this solution in SteemPro: https://steemit.com/hive-151113/@faisalamin/steempro-introduces-private-messaging-end#@faisalamin/re-kafio-2025425t181047951z
Thank you for the detailed insight on memo encryption and decryption.
The next challenge is protecting the system from spam. For instance, a random user could broadcast the same custom_json operation repeatedly across the network.
This is where the real use case emerges: how to detect, differentiate, and block spam while allowing legitimate requests to pass through.
I believe any user can broadcast multiple operations with custom JSON by using commands. The issue isn't on your end; it's related to the node RPC. However, I've tried several RPCs, and they impose limits on successive operations.
What I want to say is that it's not your problem. For example, I can broadcast many operations with custom JSON right now, not throwing anything into your system, just with commands. So, it's not an issue on your side.
I’ve implemented strict security measures: On Steem, users can submit up to 5 operations per block. However, in my opinion, this alone could still allow some level of spamming. To strengthen protection, I’ve added a second layer of security: only operations broadcast through the official SteemPro frontend are accepted and processed. This ensures that no external source can spam the system.
Congratulations! This post has been upvoted through steemcurator08. We support quality posts, good comments anywhere, and any tags.
Curated by @miftahulrizky
Also, you have another challenge: when the user generates new keys for their account, all previous messages disappear. I’m not sure if that’s a problem for you or not.
Really? I think no. Encryption is made to the counterparties, so if they use the valid key then it should decrypt at any stage.
I think you misunderstood me. What I mean is this: When a user generates new keys for their account, both the public and private keys are replaced. As a result, all previously encrypted messages become inaccessible. Even for the other party — who did not change their keys — decryption will fail because the other user's public key has been replaced. The new keys cannot decrypt the old messages; only the old keys remain valid for decrypting previously encrypted messages. The new keys are incompatible with those messages, effectively making them irretrievable.
Example:
User 1 and User 2 exchange encrypted messages. Later, when User 1 generates new keys, both User 1's and User 2's past messages in that conversation can no longer be decrypted because they were tied to the old keys, which are now replaced.
Right! There's also no solution for it! One should keep the previous memo too if changing password!