Skip to content

Elliptic Curve Menezes Qu Vanstone

Elliptic-Curve Menezes-Qu-Vanstone (ECMQV)

https://en.wikipedia.org/wiki/MQV
https://asecuritysite.com/encryption/mvq

How it works

  1. Alice generates a random number x and uses it to make a Point (p1x, p1,y) on the Curve
  2. Bob generates a random number y and uses it to make a Point (p2x, p2,y) on the Curve
  3. Alice calculates X_hat = (p1x mod 2^((log_2(n) + 1)/2)
  4. Bob calculates Y_hat = (p1x mod 2^((log_2(n) + 1)/2)

Implementation

from ecc_lib import *
import hashlib, os, math, random
from cryptopals_lib import bytes_to_int, int_to_bytes, secure_rand_between


def bar(x, order):
	#Take the first L bits of the x Point and set the MSB
	l = math.ceil( (math.floor(math.log(order, 2)) + 1) / 2 )
	return ( x % pow(2, l) ) + pow(2, l)



if __name__ == '__main__':
	order = secp256k1_Generator_Point.curve.order
	cofactor = 1

	#Generate KeyPair Alice
	alice_private_key, alice_public_point = generate_KeyPair(secp256k1_Generator_Point)

	#Generate Alice random Point
	alice_random = random.getrandbits(256)
	alice_random_point = secp256k1_Generator_Point * alice_random

	print(alice_private_key, alice_public_point)


	#Generate KeyPair Bob
	bob_private_key, bob_public_point = generate_KeyPair(secp256k1_Generator_Point)
	print(bob_private_key, bob_public_point)

	#Generate Bob random Point
	bob_random = random.getrandbits(256)
	bob_random_point = secp256k1_Generator_Point * bob_random



	#Generate Signatures
	alice_signature = (alice_random + (bar(alice_random_point.x, order) * alice_private_key)) % order
	bob_signature = (bob_random + (bar(bob_random_point.x, order) * bob_private_key)) % order
	print(f"Alice Signature: {alice_signature}")
	print(f"Bob Signature:   {bob_signature}")


	#Key Exchange

	#Alice Side
	#Ja = cofactor * alice_signature * (bob_random_point + bar(bob_random_point) * bob_public_key_point)
	alice_side = bob_random_point + ( bar(bob_random_point.x, order) * bob_public_point)
	alice_side = cofactor * (alice_signature * alice_side)


	#Bob side
	#Jb = cofactor * bob_signature * (alice_random_point + bar(alice_random_point) * alice_public_key_point)
	bob_side = alice_random_point + ( bar(alice_random_point.x, order) * alice_public_point)
	bob_side = cofactor * (bob_signature * bob_side)

	print(alice_side)
	print(bob_side)


	assert alice_side == bob_side

Security

Unknown key-share attack

It is also known as source-substitution or identity misbinding Attacks

If you have MITM then Eve can generate a shared key with bob even though it was meant for Alice