Bouncy Castle ECIES compressed format

Question

I am using the bouncy castle ECIES with AES in CBC mode provider to encrypt data:

Cipher iesCipher = Cipher.getInstance("ECIESWITHAES-CBC");
iesCipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] ciphertext = iesCipher.doFinal(plaintext);

This results in a ciphertext with the format:

0x04 || coordinate x || coordinate y || PKCS5 padded ciphertext || 20-byte HMAC-digest

The 0x04 indicates the uncompressed format, where the y coordinate is also stored. Using eg. secp256k1, this results in 32 byte unnecessary overhead.

Now I would like to use the compressed format with 0x02 and 0x03 prefixes.

Unfortunately, I didn't find a specification of the parameters to use to achieve this.

Marc Marc · Accepted Answer · 2018-11-30T08:28:53

I managed to solve this by setting the usePointCompression flag in the BC IESParameterSpec to true.

The point compression flag is false by default.

Unfortunately, this flag is not part of their ECIESTest, so I used their encryption mode configuration (derivation, encoding and initialization vectors) to try out the flag:

byte[] derivation = Hex.decode("202122232425262728292a2b2c2d2e2f");
byte[] encoding = Hex.decode("303132333435363738393a3b3c3d3e3f");
byte[] nonce = Hex.decode("000102030405060708090a0b0c0d0e0f");

Cipher c = Cipher.getInstance("ECIESwithAES-CBC", "BC");
IESParameterSpec params = new IESParameterSpec(derivation, encoding, 128, 128, nonce, true);
c.init(Cipher.ENCRYPT_MODE, publicKey, params);
byte[] ciphertext = c.doFinal(plaintext);

This results in the desired format:

0x02 || coordinate x || PKCS5 padded ciphertext || 20-byte HMAC-digest
0x03 || coordinate x || PKCS5 padded ciphertext || 20-byte HMAC-digest

Depending on the corresponding y-coordinate (positve/negative).

Bouncy Castle ECIES compressed format

1 Answers