How Sender & Receiver Encryption Works

Written by escholar | Published 2025/09/10
Tech Story Tags: lightweight-cryptography | post-quantum-cryptography | public-key-encryption | elliptic-curve-cryptography | isogeny-based-cryptography | internet-of-things-security | rsa-oaep-vulnerabilities | elliptic-curve-encryption

TLDR This article explains how elliptic curve–based encryption secures communication between a sender and receiver. It details the process of choosing a random multiplication factor, generating key points, and hashing for integrity before transmission. On the receiving end, integrity is verified, the random factor is reconstructed, and the original message is securely decrypted. Together, these steps ensure confidentiality, authenticity, and protection against tampering.via the TL;DR App

Table of Links

Abstract and 1 Introduction

  1. Scenario and Requirements

  2. History and Related Work

  3. Concept of Cramer-Shoup with Elliptic Curve and 4.1 Prerequisite

    4.2 Public Key Generation by Receiver

    4.3 Encryption by Sender

    4.4 Decryption by Receiver

  4. Evaluation and 5.1 Proof of Correctness

    5.2 Preliminary Performance Comparison

  5. Proof: Secure against adaptive-chosen ciphertext attacks

    6.1 DDH Assumption and 6.2 CCA Assumption

    6.3 IND-CCA 1 - non-adaptive Security

    6.4 IND-CCA 2 - adaptive Security (Validity Checking Failure)

  6. Security discussion: Post-Quantum Cryptography

  7. Summary, References, and Authors

4.3 Encryption by Sender

The sender would like to store or transmit the data m. For encryption, we secretly and randomly choose a multiplication factor r ∈ Zq. The factor r is chosen anew for each data m. Even if q is unknown and therefore also Zq, r should automatically be part of Zq, because q is chosen accordingly large. This factor r is used to perform point multiplications on the EC as follows, see Equation 4, 5, and 6:

There we obtain the three points U1, U2, and E of the EC.

To protect against tampering and to ensure integrity, one hash value α is calculated over the three points, see Equation 7:

This hash value must also be encrypted before transmission, see Equation 8:

The encrypted data enc{m} for transmission consists of the following components, see Equation 9:

4.4 Decryption by Receiver

The recipient first verifies the integrity of the received message. For this purpose, we calculate alpha again and compare it with the encrypted version, see Equation 10 and 11:

For the decryption of the message, the factor r is extracted from the two points U1 and E and the factor z is indirectly extracted from the point H, see Equation 12.

Author:

(1) Peter Hillmann, University of the Bundeswehr Munich, Department of Computer Science, Werner-Heisenberg-Weg 39, 85577 Neubiberg, Germany.


This paper is available on arxiv under ATTRIBUTION-NONCOMMERCIAL-SHAREALIKE 4.0 INTERNATIONAL license.


Written by escholar | We publish the best academic work (that's too often lost to peer reviews & the TA's desk) to the global tech community
Published by HackerNoon on 2025/09/10