This blog is the example of how to use the ECDH (Elliptic Curve key generation and Diffie-Hellmen secure key exchange) and AES128 for data protection on the BLE connection instead of bonding/pairing.

This concept is referred to as Bluetooth 4.2 (LE Secure Connection). Secure connections prevent the key from being discovered by a hacker.

More information of the LE Secure connection can be found at below.

What encryption protects against and how?

  • We do not want an eavesdropper (Eve) to be able to access our data.
  • Encryption protects transmitted data
  • To access the data, it needs to be unencrypted with an encryption key
  • Pairing is used to create and exchange an encryption key that only Bob and Alice know
  • We do not want a Man In The Middle (MITM – Mallory) to intercept our data and read it or make changes to it before Bob gets it
  • Mallory needs to fool Alice and Bob into thinking they are talking to each other, but they are both talking to Mallory Alice and Bob are not paired together
  • Authentication allo1ws Bob and Alice to check if there is a MITM before they exchange keys


Alice and Bob aim to exchange information using a public key cryptosystem.

  1. They publicly choose a cyclic group G and a generator x of G.
  2. Alice and Bob choose private keys a and b respectively, where a and b are random integers.
  3. Alice computes xa , Bob computes xb and they exchange these values over an insecure network.
  4. On receiving the information from each other, both Alice and Bob compute the a value xab using their private keys and the fact that xab = (xa ) b = (xb ) .

Now, both Alice and Bob share a secret, namely, the value xab. That is, Alice and Bob have exchanged a key, xab, that can now be used in a conventional cryptosystem to encrypt any messages between Alice and Bob.

ECDH key share的图片搜寻结果

By using both private key and public key, the shared secret key would be generated. And then it would use for the AES128 for symmetric encryption.

AES128 Encryption / Decryption

I did the example on the nRF51 with SDK 12.3. You can find such example code at . Example SES project is ble_app_uart_bas_ecdh_aes128.

Welcome to provide any comments. If this blog is useful for you, please give a “Like” for appreciation.