/ˌiː-siː-diː-eɪtʃ/
n. “Shaking hands securely, without meeting.”
ECDH, or Elliptic Curve Diffie-Hellman, is a key exchange protocol that allows two parties to establish a shared secret over an insecure channel without ever transmitting the secret itself. It builds upon the principles of ECC, leveraging the difficulty of the elliptic curve discrete logarithm problem to provide strong security with relatively small keys. Unlike traditional Diffie-Hellman, which relies on modular exponentiation, ECDH is far more efficient and better suited for modern constrained environments like mobile devices and IoT.
The process works like this: each party generates a private ECC key and a corresponding public key. They exchange public keys and perform elliptic curve operations locally to compute a shared secret that only they can derive. Even if an attacker intercepts the public keys, the underlying math ensures the shared secret remains confidential.
Example usage: When a web browser and server establish a secure HTTPS connection using TLS, they might use ECDH for the key exchange. Each side generates its own ECC key pair, exchanges public keys, and computes the shared session key locally. This key then encrypts all subsequent traffic, protecting sensitive data like passwords, credit card numbers, and personal messages.
ECDH is often combined with digital signatures (such as ECDSA) to ensure authenticity. While ECDH guarantees the secrecy of the shared key, signatures confirm that the key really comes from the intended party, preventing man-in-the-middle attacks. In practical applications, protocols like TLS 1.2/1.3 and secure messaging apps rely heavily on ECDH for this reason.
Security considerations include proper curve selection, secure random number generation for private keys, and resistance to side-channel attacks. Standard curves defined by NIST or other vetted sources are recommended to avoid subtle vulnerabilities. Additionally, ephemeral ECDH keys, regenerated for each session, provide perfect forward secrecy, meaning that even if long-term keys are compromised later, past communications remain secure.
ECDH exemplifies how modern cryptography blends mathematical elegance with practical security needs. By using elliptic curves to exchange secrets efficiently, it underpins the encryption and authentication mechanisms in virtually every secure online communication today. Whether in VPNs, secure messaging, or TLS connections, ECDH ensures that the handshake is private, fast, and trustworthy.