As a brief and informal description and overview of how IES works, a Discrete Logarithm Integrated Encryption Scheme (DLIES) is used, focusing on illuminating the reader's understanding, rather than precise technical details.

1. Alice learns Bob's public key ${\displaystyle g^{x}}$  through a public key infrastructure or some other distribution method.
   Bob knows his own private key ${\displaystyle x}$ .
2. Alice generates a fresh, ephemeral value ${\displaystyle y}$ , and its associated public value ${\displaystyle g^{y}}$ .
3. Alice then computes a symmetric key ${\displaystyle k}$  using this information and a key derivation function (KDF) as follows: ${\displaystyle k={\textrm {KDF}}(g^{xy})}$ 
4. Alice computes her ciphertext ${\displaystyle c}$  from her actual message ${\displaystyle m}$  (by symmetric encryption of ${\displaystyle m}$ ) encrypted with the key ${\displaystyle k}$  (using an authenticated encryption scheme) as follows: ${\displaystyle c=E(k;m)}$ 
5. Alice transmits (in a single message) both the public ephemeral ${\displaystyle g^{y}}$  and the ciphertext ${\displaystyle c}$ .
6. Bob, knowing ${\displaystyle x}$  and ${\displaystyle g^{y}}$ , can now compute ${\displaystyle k={\textrm {KDF}}(g^{xy})}$  and decrypt ${\displaystyle m}$  from ${\displaystyle c}$ .

Note that the scheme does not provide Bob with any assurance as to who really sent the message: This scheme does nothing to stop anyone from pretending to be Alice.

Required information edit

To send an encrypted message to Bob using ECIES, Alice needs the following information:

• The cryptography suite to be used, including a key derivation function (e.g., ANSI-X9.63-KDF with SHA-1 option), a message authentication code (e.g., HMAC-SHA-1-160 with 160-bit keys or HMAC-SHA-1-80 with 80-bit keys) and a symmetric encryption scheme (e.g., TDEA in CBC mode or XOR encryption scheme) — noted ${\displaystyle E}$ .
• The elliptic curve domain parameters: ${\displaystyle (p,a,b,G,n,h)}$  for a curve over a prime field or ${\displaystyle (m,f(x),a,b,G,n,h)}$  for a curve over a binary field.
• Bob's public key ${\displaystyle K_{B}}$ , which Bob generates it as follows: ${\displaystyle K_{B}=k_{B}G}$ , where ${\displaystyle k_{B}\in [1,n-1]}$  is the private key he chooses at random.
• Some optional shared information: ${\displaystyle S_{1}}$  and ${\displaystyle S_{2}}$ 
• ${\displaystyle O}$  which denotes the point at infinity.

Encryption edit

To encrypt a message ${\displaystyle m}$  Alice does the following:

1. generates a random number ${\displaystyle r\in [1,n-1]}$  and calculates ${\displaystyle R=rG}$ 
2. derives a shared secret: ${\displaystyle S=P_{x}}$ , where ${\displaystyle P=(P_{x},P_{y})=rK_{B}}$  (and ${\displaystyle P\neq O}$ )
3. uses a KDF to derive symmetric encryption keys and MAC keys: ${\displaystyle k_{E}\|k_{M}={\textrm {KDF}}(S\|S_{1})}$ 
4. encrypts the message: ${\displaystyle c=E(k_{E};m)}$ 
5. computes the tag of encrypted message and ${\displaystyle S_{2}}$ : ${\displaystyle d={\textrm {MAC}}(k_{M};c\|S_{2})}$ 
6. outputs ${\displaystyle R\|c\|d}$ 

Decryption edit

To decrypt the ciphertext ${\displaystyle R\|c\|d}$  Bob does the following:

1. derives the shared secret: ${\displaystyle S=P_{x}}$ , where ${\displaystyle P=(P_{x},P_{y})=k_{B}R}$  (it is the same as the one Alice derived because ${\displaystyle P=k_{B}R=k_{B}rG=rk_{B}G=rK_{B}}$ ), or outputs failed if ${\displaystyle P=O}$ 
2. derives keys the same way as Alice did: ${\displaystyle k_{E}\|k_{M}={\textrm {KDF}}(S\|S_{1})}$ 
3. uses MAC to check the tag and outputs failed if ${\displaystyle d\neq {\textrm {MAC}}(k_{M};c\|S_{2})}$ 
4. uses symmetric encryption scheme to decrypt the message ${\displaystyle m=E^{-1}(k_{E};c)}$ 

• SECG, Standards for efficient cryptography, SEC 1: Elliptic Curve Cryptography, Version 2.0, May 21, 2009.
• Gayoso Martínez, Hernández Encinas, Sánchez Ávila: A Survey of the Elliptic Curve Integrated Encryption Scheme, Journal of Computer Science and Engineering, 2, 2 (2010), 7–13.
• Ladar Levison: Code for using ECIES to protect data (ECC + AES + SHA), openssl-devel mailing list, August 6, 2010.
• IEEE 1363a (non-public standard) specifies DLIES and ECIES
• ANSI X9.63 (non-public standard)
• ISO/IEC 18033-2 (non-public standard)
• Victor Shoup, A proposal for an ISO standard for public key encryption, Version 2.1, December 20, 2001.
• Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip: DHIES: An Encryption Scheme Based on the Diffie–Hellman Problem, IACR Cryptology ePrint Archive, 1999.