ECIES

Elliptic Curve Integrated Encryption Scheme

Introduced in Rel-14

ECIES is a hybrid encryption scheme that uses elliptic curve cryptography for key agreement and symmetric encryption for data confidentiality, employed in 3GPP to secure protocols like 5G NAS transport.


Description

The Elliptic Curve Integrated Encryption Scheme (ECIES) is a public-key encryption scheme standardized by multiple bodies, including SECG and ISO, and adopted by 3GPP for specific security functions. It is a hybrid cryptosystem, meaning it efficiently combines asymmetric and symmetric cryptographic techniques. The scheme uses Elliptic Curve Cryptography (ECC) for the key encapsulation part, deriving a shared secret, and then uses symmetric algorithms for the actual data encryption and integrity protection. Within 3GPP, ECIES is specified as a cryptographic algorithm suite for certain protection mechanisms, notably for encrypting and integrity-protecting NAS transport messages carrying UE policy data from the policy control function to the UE.

The scheme operates in several distinct stages. First, the key generation stage involves an entity (e.g., a network function) generating an elliptic curve key pair: a private key and a corresponding public key. The encryption process, performed by the sender (e.g., the PCF), involves generating an ephemeral elliptic curve key pair, using the recipient's (UE's) public key and its own ephemeral private key to compute a shared secret via Elliptic Curve Diffie-Hellman (ECDH). This shared secret is then passed through a Key Derivation Function (KDF) to generate symmetric keys for encryption and Message Authentication Code (MAC) generation. The actual plaintext is encrypted using a symmetric encryption algorithm (like AES). Finally, a MAC is computed over the ciphertext and other parameters. The transmitted message consists of the ephemeral public key, the ciphertext, and the MAC.

On the decryption side, the recipient (UE) uses its own static private key and the received ephemeral public key to compute the same shared secret, derive the same symmetric keys, verify the MAC, and then decrypt the ciphertext. Its role in the 3GPP network is highly specialized. It is primarily employed in the 5G core network for the secure delivery of UE policies (URSP, ANDSP) from the Policy Control Function (PCF) to the UE via the Access and Mobility Management Function (AMF) using NAS transport procedures. This ensures that sensitive policy rules, which dictate how the UE should route traffic, are delivered confidentially and with integrity, preventing tampering or eavesdropping.
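The stages described above, as an added stdlib-only Python model (not code from the page or from 3GPP): an ephemeral X25519 key agreement, an ANSI X9.63 KDF with SHA-256 that yields encryption key, initial counter block and MAC key, a symmetric stream encryption, a 64-bit HMAC tag over the ciphertext, and a receiver that verifies the tag before decrypting. The 16/16/32-byte key split, the wire layout and the use of the ephemeral public key as SharedInfo are assumptions chosen for illustration, and because the standard library has no AES, a keyed-hash keystream stands in for AES-128-CTR.

```python
import hashlib, hmac, os

P = 2**255 - 19                          # Curve25519 field prime (RFC 7748)
BASEPOINT = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:  # RFC 7748 Montgomery ladder: clamp k, return k * u
    k = int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:                   # conditional swap, as in the RFC ladder
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(z: bytes, shared_info: bytes, n: int) -> bytes:  # ANSI X9.63 KDF: SHA256(Z || ctr || info)
    return b"".join(hashlib.sha256(z + i.to_bytes(4, "big") + shared_info).digest()
                    for i in range(1, n // 32 + 2))[:n]

def keystream(key: bytes, icb: bytes, n: int) -> bytes:  # stand-in for AES-128-CTR (assumption)
    return b"".join(hmac.new(key, icb + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def derive_keys(z: bytes, eph_pub: bytes):
    if z == bytes(32):                   # RFC 7748: an all-zero secret means a low-order peer point
        raise ValueError("invalid peer public key")
    k = kdf(z, eph_pub, 64)              # SharedInfo = ephemeral public key (assumed layout below)
    return k[:16], k[16:32], k[32:]      # 16-byte enc key, 16-byte ICB, 32-byte MAC key

def ecies_encrypt(recipient_pub: bytes, plaintext: bytes) -> bytes:
    eph_priv = os.urandom(32)            # fresh ephemeral key pair per message
    eph_pub = x25519(eph_priv, BASEPOINT)
    enc_key, icb, mac_key = derive_keys(x25519(eph_priv, recipient_pub), eph_pub)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(enc_key, icb, len(plaintext))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]        # 64-bit MAC over ciphertext
    return eph_pub + ct + tag            # wire format: ephemeral public key || ciphertext || MAC

def ecies_decrypt(priv: bytes, msg: bytes) -> bytes:
    eph_pub, ct, tag = msg[:32], msg[32:-8], msg[-8:]
    enc_key, icb, mac_key = derive_keys(x25519(priv, eph_pub), eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]):
        raise ValueError("MAC check failed")                         # verify before decrypting
    return bytes(c ^ s for c, s in zip(ct, keystream(enc_key, icb, len(ct))))
```

The receiver's static key pair plays the role of the UE's, and the sender's ephemeral pair the PCF's; any bit flipped in the ciphertext or tag is rejected at the MAC check before a single byte is decrypted.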

Purpose & Motivation

ECIES was adopted by 3GPP to address the need for an efficient, standardized public-key encryption scheme suitable for constrained environments and specific use cases within the 5G security architecture. The primary problem it solves is the secure point-to-point delivery of sensitive configuration data (UE policies) from the network to the device. Previous methods might have relied on security established at lower layers (like AS and NAS ciphering) or simpler schemes, but the delivery of management policies required a dedicated, end-to-end cryptographic protection mechanism that is independent of the access stratum security context.

The motivation for choosing ECIES over other public-key schemes like RSA lies in the advantages of Elliptic Curve Cryptography. ECC provides equivalent security to RSA with significantly smaller key sizes (e.g., a 256-bit ECC key offers security comparable to a 3072-bit RSA key). This results in smaller message overhead (smaller public keys to transmit), reduced computational burden (faster operations), and lower power consumption—all critical factors for battery-powered UEs. By integrating the key agreement, encryption, and MAC into one standardized scheme, ECIES provides a compact and cryptographically sound solution. Its introduction in Release 14 for this specific purpose filled a gap in the policy provisioning mechanism, ensuring that network-originated control plane commands that directly influence UE behavior are protected with strong, modern cryptography.

Classification

Part of: AES

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (5 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-14, normative work from Rel-15.

Rel-15 (2 changes)

In Release 15, the ECIES scheme was introduced as a protection scheme for generating a SUCI, specifically defining "ECIES scheme profile A" and "ECIES scheme profile B" as alternatives to the null scheme. This was part of the new SUCI encoding format and protection scheme specifications. The introduction also involved defining that when ECIES is used, the Scheme output field is coded as hexadecimal digits, unlike the null scheme's BCD coding.

  • SUCI encoding format and protection scheme (TS 24.501, CR0254)
  • Removal of Editor's note on home network public key and home network public key identifier update and removal of protection scheme identifier (TS 24.501, CR0845)

Rel-16 (2 changes)

In Release 16, the specification introduced new conditions for when a Wireless Access Gateway Function (W-AGF) or a 5G Residential Gateway (5G-RG) acting on behalf of specific devices must apply the "null-scheme" for SUCI generation, as detailed in a dedicated Change Request. This update provided explicit procedural rules for using this unprotected scheme in scenarios involving Fixed Network Residential Gateways (FN-RG) and N5GC or AUN3 devices, clarifying its application within the broader ECIES scheme framework.

  • Conditions to apply the "null-scheme" to generate the SUCI (TS 24.501, CR1220)
  • Clarification on Public Network Integrated NPN in TS 24.501 (TS 24.501, CR1945)

Rel-18 (1 change)

In Release 18, a specific condition was introduced for applying the "null scheme" when generating a SUCI. The change mandates that a Wireless Access Gateway Function (W-AGF) acting on behalf of an FN-RG or an N5GC device, as well as a 5G-RG acting on behalf of an AUN3 device without a SUCI, must use this null scheme. This update provides explicit clarification on the use of the null protection scheme in these particular network scenarios.

  • Use the null scheme if USIM is valid (TS 24.501, CR5663)

Defining Specifications

3GPP specifications that define or reference ECIES, with the latest known release. Sourced from the 3GPP document catalog.

Specification    | Title                                                  | Release
TS 24.501 (vj50) | 5G NAS Protocols Specification                         | Rel-19
TR 33.841 (vg10) | Security aspects; Study on 256-bit algorithms for 5G   | Rel-16
TS 33.885 (ve10) | Security Study for V2X Services                        | Rel-14
TR 33.938 (vj10) | 3GPP Cryptographic Inventory for 5G                    | Rel-19