AECDH

The AECDH cipher (Anonymous Elliptic Curve Diffie-Hellman) is based on the Diffie-Hellman protocol and enhanced with elliptic-curve cryptography. In the Diffie-Hellman scheme, the keyed one-way function is formed by repeatedly multiplying the input to the function by itself. In the ECDH cipher (Elliptic Curve Diffie-Hellman), the input and output are points on the curve, and the key is an integer.

When ECDH is used without entity authentication, it is known as Anonymous ECDH (AECDH). When it is used with an additional authentication scheme, such as one based on digital signatures and certificates, it is called ephemeral ECDH (ECDHE or EECDH).

A cryptographic key is called ephemeral if it is generated for each execution of a key establishment process.

Used in this way, ECDHE can provide Perfect Forward Secrecy, meaning that disclosure of the key used to protect one message cannot lead to the disclosure of the keys protecting other messages. In some cases ephemeral keys are used more than once, such as within a single session, and in those cases Forward Secrecy would not apply.
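
The exchange described above, as an added example that is not part of the original page: the keyed one-way function (integer key, point in, point out) and an unauthenticated exchange with a fresh key pair per run. The curve parameters are constructed toy values, far too small for real use, and the function names are assumptions made for illustration.

```python
import secrets

# Constructed toy parameters (not secure): y^2 = x^3 + 2x + 2 over GF(17).
P, A = 17, 2
G = (5, 1)   # base point
N = 19       # order of G (prime)

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                        # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P)  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)         # chord slope
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, point):
    """Keyed one-way function: integer key k, point in, point out (double-and-add)."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def ephemeral_keypair():
    """Fresh key pair, generated for one execution of the key establishment."""
    d = 1 + secrets.randbelow(N - 1)    # private integer in [1, N-1]
    return d, mul(d, G)

def anonymous_exchange():
    """Both sides swap bare public points; nothing is signed, so no entity is authenticated."""
    da, qa = ephemeral_keypair()
    db, qb = ephemeral_keypair()
    return mul(da, qb), mul(db, qa)     # each side's view of the shared point

if __name__ == "__main__":
    print(anonymous_exchange())
```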