Computing ECDH shared secret on STM32L562 using HAL_PKA_ECCMul

Forum|Forum|5 years ago
August 6, 2020
2 replies
1742 views

Is it possible to compute the ECDH shared secret (pubkey * privkey) by using HAL_PKA_ECCMul, replacing the generator X and Y with the public key X and Y and specifying the private key as the scalar value?

Thank you.

This topic has been closed for replies.

Doug Barnes

Associate II

I understand ECC and RSA (and other) public key crypto (independent of STM32 H/W), so I can answer the question with a caveat: I'm actually here on the forum to ask a question about HAL_PKA_ECCMul, because it doesn't seem to be working for me.

In theory, each party has its own secret key (just a big scalar), and each party's public key is the Base Point (normally labeled "G") multiplied by its private key -- in other words, a new point on the curve. This should be what HAL_PKA_ECCMul does from what I've read. Then A receives B's public key (and vice versa), and each party multiplies that public key point by their private key. They will end up at the same point (in math, not necessarily on STM32 H/W). I say that because I am getting strange results (STM32U585 PKA) and I'm not sure why.

Not sure if that helps, I hope so.

Tesla DeLorean

Guru

Near identical report here https://community.st.com/t5/security-mcu/computing-ecdh-shared-secret-on-stm32u585-using-hal-pka-eccmul/td-p/572440

Perhaps we can get some eyes on this? @Jocelyn RICARD @Frantz LEFRERE @Imen.D @STOne-32

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded