ECIES

Elliptic Curve Integrated Encryption Scheme

Security
Introduced in Rel-14
ECIES is a hybrid encryption scheme combining elliptic curve cryptography for key agreement with symmetric encryption for data confidentiality. It is used in 3GPP for securing protocols like the 5G NAS transport of UE policies, providing efficient and strong encryption with a small key size.

Description

The Elliptic Curve Integrated Encryption Scheme (ECIES) is a public-key encryption scheme standardized by multiple bodies, including SECG and ISO, and adopted by 3GPP for specific security functions. It is a hybrid cryptosystem, meaning it efficiently combines asymmetric and symmetric cryptographic techniques. The scheme uses Elliptic Curve Cryptography (ECC) for the key encapsulation part, deriving a shared secret, and then uses symmetric algorithms for the actual data encryption and integrity protection. Within 3GPP, ECIES is specified as a cryptographic algorithm suite for certain protection mechanisms, notably for encrypting and integrity-protecting NAS transport messages carrying UE policy data from the policy control function to the UE.

The scheme operates in several distinct stages. First, in the key generation stage, an entity (e.g., a network function) generates an elliptic curve key pair: a private key and a corresponding public key. The encryption process, performed by the sender (e.g., the PCF), involves generating an ephemeral elliptic curve key pair and combining the recipient's (UE's) public key with its own ephemeral private key to compute a shared secret via Elliptic Curve Diffie-Hellman (ECDH). This shared secret is then passed through a Key Derivation Function (KDF) to produce symmetric keys for encryption and for Message Authentication Code (MAC) generation. The plaintext is encrypted with a symmetric algorithm (such as AES), and a MAC is computed over the ciphertext and other parameters. The transmitted message consists of the ephemeral public key, the ciphertext, and the MAC.

On the decryption side, the recipient (UE) uses its own static private key and the received ephemeral public key to compute the same shared secret, derive the same symmetric keys, verify the MAC, and then decrypt the ciphertext. Its role in the 3GPP network is highly specialized. It is primarily employed in the 5G core network for the secure delivery of UE policies (URSP, ANDSP) from the Policy Control Function (PCF) to the UE via the Access and Mobility Management Function (AMF) using NAS transport procedures. This ensures that sensitive policy rules, which dictate how the UE should route traffic, are delivered confidentially and with integrity, preventing tampering or eavesdropping.
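The encrypt and decrypt stages described above, as an added example that is not code from the page or from 3GPP. It uses the P-256 (secp256r1), AES-CTR and HMAC-SHA-256 profile named later on this page, but the KDF (a single-block ANSI X9.63 derivation), the AES-128 key size, the zero CTR IV and the message layout are assumptions chosen for illustration, not the 3GPP parameters; the Go standard library's crypto/ecdh does the curve arithmetic.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// symKeys: assumed one-block ANSI X9.63 KDF, SHA-256(Z || 00000001), split into AES-128 key || HMAC key.
// CTR runs with a zero IV because each key is single-use (a fresh ephemeral ECDH per message).
func symKeys(z []byte) (cipher.Stream, []byte) {
	k := sha256.Sum256(append(z, 0, 0, 0, 1))
	block, _ := aes.NewCipher(k[:16])
	return cipher.NewCTR(block, make([]byte, aes.BlockSize)), k[16:]
}

// tag computes HMAC-SHA-256 over the ciphertext (encrypt-then-MAC).
func tag(macKey, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// Encrypt: ephemeral P-256 pair, ECDH with the recipient's static public key, encrypt, then MAC.
// Assumed output layout: ephemeral public key (65 bytes, uncompressed) || ciphertext || MAC (32 bytes).
func Encrypt(pub *ecdh.PublicKey, pt []byte) ([]byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	z, err := eph.ECDH(pub)
	if err != nil { return nil, err }
	stream, macKey := symKeys(z)
	ct := make([]byte, len(pt))
	stream.XORKeyStream(ct, pt)
	return append(append(eph.PublicKey().Bytes(), ct...), tag(macKey, ct)...), nil
}

// Decrypt: recompute Z with the static private key, verify the MAC in constant time, then decrypt.
func Decrypt(priv *ecdh.PrivateKey, msg []byte) ([]byte, error) {
	const pubLen, tagLen = 65, 32
	if len(msg) < pubLen+tagLen { return nil, errors.New("ecies: message too short") }
	ephPub, err := ecdh.P256().NewPublicKey(msg[:pubLen]) // rejects points not on the curve
	if err != nil { return nil, err }
	z, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	ct, mac := msg[pubLen:len(msg)-tagLen], msg[len(msg)-tagLen:]
	stream, macKey := symKeys(z)
	if !hmac.Equal(tag(macKey, ct), mac) { return nil, errors.New("ecies: MAC verification failed") }
	pt := make([]byte, len(ct))
	stream.XORKeyStream(pt, ct)
	return pt, nil
}
```

Generate the recipient's static key with ecdh.P256().GenerateKey, call Encrypt with its public key and Decrypt with the private key; a flipped ciphertext byte, a wrong recipient key or a truncated message all fail at the MAC check before any plaintext is produced.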

Purpose & Motivation

ECIES was adopted by 3GPP to address the need for an efficient, standardized public-key encryption scheme suitable for constrained environments and specific use cases within the 5G security architecture. The primary problem it solves is the secure point-to-point delivery of sensitive configuration data (UE policies) from the network to the device. Previous methods might have relied on security established at lower layers (like AS and NAS ciphering) or simpler schemes, but the delivery of management policies required a dedicated, end-to-end cryptographic protection mechanism that is independent of the access stratum security context.

The motivation for choosing ECIES over other public-key schemes like RSA lies in the advantages of Elliptic Curve Cryptography. ECC provides equivalent security to RSA with significantly smaller key sizes (e.g., a 256-bit ECC key offers security comparable to a 3072-bit RSA key). This results in smaller message overhead (smaller public keys to transmit), reduced computational burden (faster operations), and lower power consumption—all critical factors for battery-powered UEs. By integrating the key agreement, encryption, and MAC into one standardized scheme, ECIES provides a compact and cryptographically sound solution. Its introduction in Release 14 for this specific purpose filled a gap in the policy provisioning mechanism, ensuring that network-originated control plane commands that directly influence UE behavior are protected with strong, modern cryptography.

Key Features

  • Hybrid encryption scheme combining ECC and symmetric cryptography
  • Based on Elliptic Curve Diffie-Hellman (ECDH) for key agreement
  • Provides both confidentiality (encryption) and integrity (MAC)
  • Uses ephemeral keys for forward secrecy in some profiles
  • Defined as a complete algorithm suite with specified KDF, encryption, and MAC functions
  • Offers high security with small key sizes, efficient for UE implementation

Evolution Across Releases

Rel-14 Initial

Introduced ECIES as the cryptographic algorithm for protecting UE policy delivery in the 5G system. Specified its use within the NAS transport security mechanism for the UE Parameters Update procedure. Defined the specific elliptic curves (e.g., secp256r1), KDF, and symmetric algorithms (AES-CTR, HMAC-SHA-256) to be used in the 3GPP profile of ECIES.

Defining Specifications

Specification    Title
TS 24.501        3GPP TS 24.501
TS 33.841        3GPP TR 33.841
TS 33.885        3GPP TR 33.885
TS 33.938        3GPP TR 33.938