Vol. 1 · Ed. 2026
CyberGlossary
Entry № 412

ECDH

Reviewed by Cybersecurity entrepreneur & security researcher

What is ECDH?

ECDH: The elliptic-curve variant of the Diffie–Hellman key-exchange protocol, providing the same shared-secret functionality with smaller keys and faster operations.


Elliptic Curve Diffie–Hellman (ECDH) is the elliptic-curve form of the Diffie–Hellman key exchange. Each party generates a key pair on a chosen curve, exchanges the public point, then multiplies the peer's public point by its own private scalar to obtain the same shared point; a hash or key-derivation function then converts the point into one or more symmetric keys. ECDH offers equivalent security to traditional DH at much smaller key sizes — for example, 256-bit Curve25519 or P-256 provides ~128-bit security, where finite-field DH would need 3072-bit primes. The ephemeral variant ECDHE is the cornerstone of forward-secret handshakes in TLS 1.3, modern SSH, WireGuard, and the Signal Protocol. Like DH, ECDH on its own provides no authentication; it must be paired with signatures, certificates, or other identity mechanisms.
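The exchange described above, as an added example that is not part of the original entry: both sides run X25519 (following the RFC 7748 ladder), reject an all-zero shared point, and feed the result through HKDF-SHA-256. The names `keypair`, `session_key`, `hkdf_sha256` and the `info` label are assumptions made for this illustration, and HKDF is one possible choice of key-derivation function.

```python
import hashlib, hmac, os

# Illustrative X25519 (RFC 7748). Not constant-time: use a vetted library in production.
P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")            # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    b = bytearray(k)
    b[0] &= 248; b[31] &= 127; b[31] |= 64   # clamp the private scalar
    scalar = int.from_bytes(b, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):           # Montgomery ladder, one step per bit
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, bm = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, bm * bm % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * bm % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    # HKDF (RFC 5869) extract-then-expand, single output block (length <= 32)
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

def keypair(seed: bytes = None):
    # A fixed seed is for reproducible demos only; real keys come from os.urandom
    priv = seed or os.urandom(32)
    return priv, x25519(priv, BASE)

def session_key(my_priv: bytes, peer_pub: bytes, info: bytes = b"example handshake v1") -> bytes:
    shared = x25519(my_priv, peer_pub)       # own private scalar times peer's public point
    if shared == bytes(32):                  # low-order peer point forces a known secret
        raise ValueError("rejecting low-order peer public key")
    return hkdf_sha256(shared, bytes(32), info)

if __name__ == "__main__":
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    print(session_key(a_priv, b_pub) == session_key(b_priv, a_pub))
```

Nothing here authenticates `peer_pub`; in a real handshake the public keys are bound to identities by signatures or certificates, as the definition notes.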

Examples

  1. TLS 1.3 negotiates X25519 ECDHE for nearly all sessions today.

  2. WireGuard uses Curve25519 ECDH inside its Noise-based handshake.

Frequently asked questions

What is ECDH?

The elliptic-curve variant of the Diffie–Hellman key-exchange protocol, providing the same shared-secret functionality with smaller keys and faster operations. It belongs to the Cryptography category of cybersecurity.

How do you defend against ECDH?

Defences for ECDH typically combine technical controls and operational practices, as detailed in the full definition above.
