CyberGlossary

Cryptography

ECDH

Definition

The elliptic-curve variant of the Diffie–Hellman key-exchange protocol, providing the same shared-secret functionality with smaller keys and faster operations.

Elliptic Curve Diffie–Hellman (ECDH) is the elliptic-curve form of the Diffie–Hellman key exchange. Each party generates a key pair on a chosen curve, exchanges the public point, then multiplies the peer's public point by its own private scalar to obtain the same shared point; a hash or key-derivation function then converts the point into one or more symmetric keys. ECDH offers equivalent security to traditional DH at much smaller key sizes — for example, 256-bit Curve25519 or P-256 provides ~128-bit security, where finite-field DH would need 3072-bit primes. The ephemeral variant ECDHE is the cornerstone of forward-secret handshakes in TLS 1.3, modern SSH, WireGuard, and the Signal Protocol. Like DH, ECDH on its own provides no authentication; it must be paired with signatures, certificates, or other identity mechanisms.
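A worked X25519 key agreement, added here as an illustration and not part of the glossary entry: it implements the RFC 7748 Montgomery ladder in pure Python, turns the shared point into a symmetric key with a minimal HKDF-SHA256, and aborts on the all-zero shared secret that a low-order peer point produces. The function names, the `info` label and the single-block HKDF are this example's own choices, not a library API.

```python
import hashlib, hmac, os

P = 2**255 - 19                          # field prime for Curve25519
A24 = 121665                             # (A - 2) / 4 with A = 486662
BASE_POINT = (9).to_bytes(32, "little")  # u-coordinate of the generator

def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)                     # RFC 7748 clamping: clear low 3 bits, set bit 254
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def _cswap(swap: int, a: int, b: int):   # branch-free conditional swap (swap is 0 or 1)
    d = -swap & (a ^ b)
    return a ^ d, b ^ d

def x25519(k: bytes, u: bytes) -> bytes:  # scalar multiplication, RFC 7748 section 5
    k = _decode_scalar(k)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)   # mask the unused top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):         # Montgomery ladder over the 255 scalar bits
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")  # x2 / z2 mod P

def generate_keypair() -> tuple[bytes, bytes]:
    priv = os.urandom(32)                # 32 random bytes; clamping happens in x25519
    return priv, x25519(priv, BASE_POINT)

def shared_key(my_priv: bytes, peer_pub: bytes, info: bytes) -> bytes:  # ECDH + HKDF-SHA256
    secret = x25519(my_priv, peer_pub)   # both sides compute the same u-coordinate
    if secret == bytes(32):              # RFC 7748 section 6.1: all-zero output = low-order point
        raise ValueError("low-order public key")
    prk = hmac.new(b"", secret, hashlib.sha256).digest()           # HKDF-Extract, empty salt
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # HKDF-Expand, one block
```

The raw u-coordinate is never used directly as a key; the HKDF step binds it to a context label, and a peer-supplied point is still unauthenticated until a signature or certificate vouches for it.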

Examples

  • TLS 1.3 negotiates X25519 ECDHE for nearly all sessions today.
  • WireGuard uses Curve25519 ECDH inside its Noise-based handshake.

Related terms