Integrated Encryption Scheme (IES) is a publickey encryption scheme which provides semantic security against an adversary who is allowed to use chosenplaintext and chosenciphertext attacks. The scheme is based on DiffieHellman problem. Two incarnations of the IES are standardized: Discrete Logarithm Integrated Encryption Scheme (DLIES) and Elliptic Curve Integrated Encryption Scheme (ECIES), which is also known as the Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme. These two incarnations are identical up to the change of an underlying group and so to be concrete we concentrate on the latter. Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. ...
In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge. ...
Semantic security is a widelyused definition for security in an asymmetric key encryption algorithm. ...
In cryptography, an adversary (rarely opponent, enemy) is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal (primarily privacy, integrity and availability of data). ...
The DiffieHellman problem (DHP) is an open problem in number theory developed by Whitfield Diffie and Martin Hellman with implications for modern cryptography. ...
In abstract algebra and its applications, the discrete logarithms are defined in group theory in analogy to ordinary logarithms. ...
In mathematics, an elliptic curve is a plane curve defined by an equation of the form y2 = x3 + a x + b, which is nonsingular; that is, its graph has no cusps or selfintersections. ...
To send an encrypted message to Bob using ECIES Alice needs the following information:  cryptographic suite to be used:
 KDF, e.g., ANSIX9.63KDF with SHA1 option;
 MAC, e.g., HMACSHA1160 with 160bit keys or HMACSHA180 with 160bit keys;
 symmetric encryption scheme E, e.g., 3key TDES in CBC mode or XOR encryption scheme;
 EC domain parameters: (p,a,b,G,n,h) for a curve over prime field or (m,f(x),a,b,G,n,h) for a curve over binary field;
 Bob's public key: K_{B} (Bob generates it as follows: K_{B} = k_{B}G, where k_B is the private key he chooses at random: );
 optional shared information: S_{1} and S_{2}.
To encrypt a message m Alice does the following: A Key derivation function or key stretcher is a cryptographic hash function which is designed to make a key or password harder to attack using a precomputed dictionary attack or brute force attack. ...
A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ...
Symmetrickey algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption. ...
 generates a random number and calculates R = rG;
 derives a shared secret: S = P_{x}, where P = (P_{x},P_{y}) = rK_{B} (and );
 uses KDF to derive a symmetric encryption and a MAC keys: ;
 encrypts the message: c = E(k_{E};m);
 computes the tag of encrypted message and S_{2}: ;
 outputs .
To decrypt the ciphertext Bob does the following:  derives the shared secret: S = P_{x}, where P = (P_{x},P_{y}) = k_{B}R (it is the same as the one Alice derived because P = k_{B}R = k_{B}rG = rk_{B}G = rK_{B}), or outputs failed if P = O;
 derives keys the same way as Alice did: ;
 uses MAC to check the tag and outputs failed if ;
 uses symmetric encryption scheme to decrypt the message m = E ^{− 1}(k_{E};c).
References
