Public Key Cryptography
CRYPTOGRAPHIC AND NETWORK SECURITY
CHAPTER 3: PUBLIC KEY CRYPTOGRAPHY PRINCIPLES
DIFFIE-HELLMAN KEY EXCHANGE
Introduction
The purpose of the algorithm is to enable two users to exchange a secret key securely
that then can be used for subsequent encryption of messages.
The algorithm itself is limited to the exchange of the keys.
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of
computing discrete logarithms.
Briefly, we can define the discrete logarithm in the following way. First, we define a
primitive root of a prime number p as one whose powers generate all the integers from
1 to p-1.
That is, if a is a primitive root of the prime number p, then the numbers a mod p, a^2
mod p, ..., a^(p-1) mod p are distinct and consist of the integers from 1 through p-1 in some
permutation.
For any integer b less than p and a primitive root a of prime number p,
one can find a unique exponent i such that b = a^i mod p.
The exponent i is referred to as the discrete logarithm, or index, of b for
the base a, mod p. We denote this value as dlog_{a,p}(b).
Example: Generate all Cyclic Subgroups of a Group
Four cyclic subgroups can be made from the group G = <Z6, +>.
They are H1 = <{0}, +>, H2 = <{0, 2, 4}, +>, H3 = <{0, 3}, +>, and
H4 = G. (Note: we try each member of the group as a generator, one by one.)
The main group G = <Z6, +> is a cyclic group with two generators: 1 and 5.
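The following Python is an added example (it is not from the slides). It enumerates the cyclic subgroups of (Z_n, +) exactly as the slide does for Z6, by trying each member as a generator, and it checks the primitive-root definition given above for a prime p by testing whether a, a^2, ..., a^(p-1) mod p are all distinct. The function names are my own; the check on 3 and 353 anticipates the values the slides use in the Diffie-Hellman example.

```python
# Added example, not part of the slide deck.
# Part 1: cyclic subgroups of the additive group (Z_n, +).
# Part 2: primitive roots of a prime p, straight from the definition
#         "the powers a, a^2, ..., a^(p-1) mod p are all distinct".


def cyclic_subgroup(n, g):
    """Elements generated by g under addition mod n: {0, g, 2g, ...}."""
    elements = []
    x = 0
    while True:
        elements.append(x)
        x = (x + g) % n
        if x == 0:          # back at the identity: the cycle is complete
            break
    return sorted(elements)


def cyclic_subgroups(n):
    """Distinct cyclic subgroups of Z_n, trying every member as a generator."""
    found = []
    for g in range(n):
        h = cyclic_subgroup(n, g)
        if h not in found:  # e.g. 2 and 4 generate the same subgroup of Z_6
            found.append(h)
    return found


def additive_generators(n):
    """Members whose cyclic subgroup is the whole group."""
    return [g for g in range(n) if len(cyclic_subgroup(n, g)) == n]


def is_primitive_root(a, p):
    """True iff a, a^2, ..., a^(p-1) mod p are p-1 distinct values (p assumed prime)."""
    seen = set()
    x = 1
    for _ in range(p - 1):
        x = (x * a) % p
        if x in seen:       # a repeated power means the cycle is shorter than p-1
            return False
        seen.add(x)
    return len(seen) == p - 1


def primitive_roots(p):
    """All primitive roots of the prime p (brute force; fine for small p)."""
    return [a for a in range(1, p) if is_primitive_root(a, p)]


if __name__ == "__main__":
    print(cyclic_subgroups(6))        # [[0], [0, 1, 2, 3, 4, 5], [0, 2, 4], [0, 3]]
    print(additive_generators(6))     # [1, 5]
    print(primitive_roots(7))         # [3, 5]
    print(is_primitive_root(3, 353))  # True: the alpha the slides use for Diffie-Hellman
```

The four subgroups come out in the order the generators are tried (0, 1, 2, 3); 4 and 5 repeat subgroups already found, which is why only H1 to H4 exist.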
THE ALGORITHM
Discrete Logarithm
The result is that the two sides have exchanged a secret value.
Furthermore, because XA and XB are private, an adversary only has the
following ingredients to work with: q, α, YA, and YB.
Thus, the adversary is forced to take a discrete logarithm to determine
the key. For example, to determine the private key of user B, an
adversary must compute XB = dlog_{α,q}(YB), after which the key K can be
computed exactly as user B computes it.
Security
The security of the Diffie-Hellman key exchange lies in the fact that,
while it is relatively easy to calculate exponentials modulo a prime, it is
very difficult to calculate discrete logarithms.
For large primes, the latter task is considered infeasible.
Example
Here is an example. Key exchange is based on the use of the prime
number q = 353 and a primitive root of 353, in this case α = 3. A and B
select secret keys XA = 97 and XB = 233, respectively. Each computes its
public key: YA = 3^97 mod 353 = 40 and YB = 3^233 mod 353 = 248. Each then
computes the common secret key: K = (YB)^XA mod 353 = 248^97 mod 353 = 160,
and K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
In this simple example, it would be possible to determine the secret key
160 by brute force.
In particular, an attacker E can determine the common key by
discovering a solution to the equation 3^a mod 353 = 40 or the equation
3^b mod 353 = 248.
The brute-force approach is to calculate powers of 3 modulo 353,
stopping when the result equals either 40 or 248.
The desired answer is reached with the exponent value of 97, which
provides 3^97 mod 353 = 40.
With larger numbers, the problem becomes impractical.
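As an added example (not code from the slides), the following Python runs the exchange with the slides' parameters and then the brute-force discrete logarithm just described, so the "easy direction" (modular exponentiation with `pow`) and the "hard direction" (stepping through powers until the target appears) can be compared side by side. Function names are my own.

```python
# Added example, not part of the slide deck. Reproduces the slides' numbers
# (q = 353, alpha = 3, XA = 97, XB = 233) and the brute-force attack on them.


def dh_public_key(alpha, q, x):
    """Y = alpha^x mod q: fast modular exponentiation, the easy direction."""
    return pow(alpha, x, q)


def dh_shared_key(their_public, my_private, q):
    """K = Y_other^x mod q, computed by each side from its own private key."""
    return pow(their_public, my_private, q)


def brute_force_dlog(alpha, q, target):
    """Smallest i >= 1 with alpha^i mod q == target, found by stepping through the
    powers one multiplication at a time: O(q) work, the hard direction."""
    x = 1
    for i in range(1, q):
        x = (x * alpha) % q
        if x == target:
            return i
    return None  # target is not a power of alpha mod q


def diffie_hellman(q, alpha, xa, xb):
    """Both sides compute the same K; returns (YA, YB, K)."""
    ya = dh_public_key(alpha, q, xa)
    yb = dh_public_key(alpha, q, xb)
    ka = dh_shared_key(yb, xa, q)   # A uses B's public value and her own XA
    kb = dh_shared_key(ya, xb, q)   # B uses A's public value and his own XB
    assert ka == kb, "both sides must agree on K"
    return ya, yb, ka


def recover_key_as_eve(q, alpha, ya, yb):
    """Eve sees only q, alpha, YA, YB; she recovers XA by discrete log, then K.
    Each step is one multiplication mod q, so for a 2048-bit q this loop would
    need on the order of 2^2048 steps, which is why the exchange is considered safe there."""
    xa = brute_force_dlog(alpha, q, ya)
    return xa, dh_shared_key(yb, xa, q)


if __name__ == "__main__":
    ya, yb, k = diffie_hellman(353, 3, 97, 233)
    print(ya, yb, k)                            # 40 248 160
    print(recover_key_as_eve(353, 3, ya, yb))   # (97, 160)
```

Because 3 is a primitive root of 353, every value in 1..352 has exactly one discrete logarithm in 1..352, so the loop stops at 97 for 40 and at 233 for 248, exactly the exponents the slides quote.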
KEY EXCHANGE PROTOCOLS
MAN-IN-THE-MIDDLE ATTACK
The technique does not protect against replay attacks
Suppose Alice and Bob wish to exchange keys, and Darth is the
adversary. The attack proceeds as follows:
1. Darth prepares for the attack by generating two random private keys
XD1 and XD2, and then computing the corresponding public keys YD1 and
YD2.
At this point, Bob and Alice think that they share a secret key. Instead, Bob
and Darth share secret key K1, and Alice and Darth share secret key K2.
All future communication between Bob and Alice is compromised in the
following way:
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message.
In the first case, Darth simply wants to eavesdrop on the communication
without altering it.
In the second case, Darth wants to modify the message going to Bob.
Solution
The key exchange protocol is vulnerable to such an attack because it
does not authenticate the participants.
This vulnerability can be overcome with the use of digital signatures
and public-key certificates; these topics are explored later.
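The simulation below is an added example, not part of the slides. It runs the attack described above on the slides' parameters (Darth's private keys XD1 and XD2 are constructed values) and then shows the effect of the fix: when each public value travels with an authenticator that Darth cannot produce, a substituted value is rejected. The slides defer digital signatures and certificates to a later chapter, so an HMAC under a key Alice and Bob are assumed to share already stands in for that signature here; it is my substitution, not the slides' mechanism.

```python
# Added example, not part of the slide deck. Simulates the man-in-the-middle
# attack on the slides' parameters and shows why authenticating the public
# values stops it. An HMAC under a pre-shared key stands in for the digital
# signature / certificate that the slides leave to a later chapter.
import hashlib
import hmac

Q, ALPHA = 353, 3
XA, XB = 97, 233        # Alice's and Bob's private keys (from the slides)
XD1, XD2 = 50, 200      # Darth's two private keys (constructed values)
AUTH_KEY = b"constructed pre-shared authentication key"


def public_key(x):
    return pow(ALPHA, x, Q)


def shared_key(their_public, my_private):
    return pow(their_public, my_private, Q)


def unauthenticated_exchange():
    """Darth replaces each public value in transit with one of his own.
    Returns (Alice's key, Bob's key, Darth's key with Bob, Darth's key with Alice)."""
    ya, yb = public_key(XA), public_key(XB)
    yd1, yd2 = public_key(XD1), public_key(XD2)
    # Alice -> Darth -> Bob: Bob receives YD1 instead of YA
    # Bob -> Darth -> Alice: Alice receives YD2 instead of YB
    k_bob = shared_key(yd1, XB)      # Bob believes this is shared with Alice
    k_alice = shared_key(yd2, XA)    # Alice believes this is shared with Bob
    k1 = shared_key(yb, XD1)         # K1: Darth's key with Bob
    k2 = shared_key(ya, XD2)         # K2: Darth's key with Alice
    return k_alice, k_bob, k1, k2


def tag(y):
    """Authenticator over a public value; only holders of AUTH_KEY can produce it."""
    return hmac.new(AUTH_KEY, str(y).encode(), hashlib.sha256).hexdigest()


def verify(y, t):
    return hmac.compare_digest(tag(y), t)


def authenticated_exchange(attacker_present):
    """Each side sends (Y, tag(Y)). A substituted Y no longer matches its tag,
    so the exchange aborts instead of completing with Darth's keys."""
    ya, yb = public_key(XA), public_key(XB)
    ta, tb = tag(ya), tag(yb)
    if attacker_present:
        ya, yb = public_key(XD1), public_key(XD2)   # Darth swaps Y but cannot re-tag it
    if not (verify(ya, ta) and verify(yb, tb)):
        return None                                 # abort: public values were tampered with
    return shared_key(yb, XA)                       # Alice's view of K


if __name__ == "__main__":
    print(unauthenticated_exchange())    # Alice's and Bob's keys differ; each equals one of Darth's
    print(authenticated_exchange(False))  # 160
    print(authenticated_exchange(True))   # None
```

The unauthenticated run ends with Alice holding K2 and Bob holding K1, neither of which is the 160 they would have agreed on alone; nothing in the exchange itself reveals this to them, which is the point of the slide. The authenticated run fails closed as soon as a public value arrives that its tag does not cover.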
Other Public-Key Cryptography Algorithms
DIGITAL SIGNATURE STANDARD
ELLIPTIC-CURVE CRYPTOGRAPHY
Digital Signature
Suppose that Bob wants to send a message to Alice, and although it is not
important that the message be kept secret, he wants Alice to be certain that the
message is indeed from him.
In this case, Bob uses his own private key to encrypt the message.
When Alice receives the ciphertext, she finds that she can decrypt it with Bob’s
public key, thus proving that the message must have been encrypted by Bob.
No one else has Bob’s private key, and therefore no one else could have created a
ciphertext that could be decrypted with Bob’s public key.
Therefore, the entire encrypted message serves as a digital signature.
In addition, it is impossible to alter the message without access to Bob’s private
key, so the message is authenticated both in terms of source and in terms of data
integrity.
2nd Way
A more efficient way of achieving the same results is to encrypt a small
block of bits that is a function of the document.
Such a block, called an authenticator, must have the property that it is
infeasible to change the document without changing the authenticator.
If the authenticator is encrypted with the sender’s private key, it serves
as a signature that verifies origin, content, and sequencing.
A secure hash code such as SHA-1 can serve this function.
It is important to emphasize that the encryption process just described
does not provide confidentiality.
That is, the message being sent is safe from alteration but not safe from
eavesdropping.
This is obvious in the case of a signature based on a portion of the
message, because the rest of the message is transmitted in the clear.
Even in the case of complete encryption, there is no protection of
confidentiality because any observer can decrypt the message by using
the sender’s public key.
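The following Python is an added example, not code from the slides. It illustrates both signing methods above with textbook RSA on a tiny constructed key (n = 61 × 53 = 3233, e = 17, d = 2753): first applying the private key to the message itself, then applying it to an authenticator of the message. SHA-256 is my choice of authenticator in place of the SHA-1 the slides mention; because the key is toy-sized, the digest is signed byte by byte. The last lines make the confidentiality point: the message itself is never hidden.

```python
# Added example, not part of the slide deck. Textbook RSA with a constructed
# toy key illustrates the two digital-signature methods described above.
import hashlib

N, E, D = 3233, 17, 2753   # constructed textbook key (61 * 53); real keys are thousands of bits


def private_key_op(x):     # "encrypt with the private key": only Bob can do this
    return pow(x, D, N)


def public_key_op(y):      # "decrypt with the public key": anyone can do this
    return pow(y, E, N)


# Method 1: Bob applies his private key to the whole message (byte by byte, since N is tiny).
def sign_whole_message(msg: bytes):
    return [private_key_op(b) for b in msg]


def open_whole_message(sig):
    """Anyone holding Bob's public key recovers the message: source is proven,
    but the content is readable by every observer, so nothing is confidential."""
    return bytes(public_key_op(c) for c in sig)


# Method 2: Bob signs an authenticator (a hash) of the document instead.
def authenticator(msg: bytes):
    return hashlib.sha256(msg).digest()


def sign_hash(msg: bytes):
    """Signature = private-key operation over each byte of the authenticator."""
    return [private_key_op(b) for b in authenticator(msg)]


def verify_hash(msg: bytes, sig):
    """Recover the authenticator with the public key and compare it with a fresh one.
    Any change to msg changes the hash, so a tampered document fails here."""
    recovered = bytes(public_key_op(c) for c in sig)
    return recovered == authenticator(msg)


if __name__ == "__main__":
    m = b"pay Alice 100"
    print(open_whole_message(sign_whole_message(m)) == m)   # True: the ciphertext is the signature
    s = sign_hash(m)
    print(verify_hash(m, s))                                # True
    print(verify_hash(b"pay Alice 900", s))                 # False: altered document, same signature
    print(m, "travels in the clear alongside", s[:4], "...")  # the signature adds no confidentiality
```

Method 2 transmits the 32-byte signed digest instead of a signed copy of the whole document, which is the efficiency gain the slides describe; the verifier still needs the plaintext document to recompute the authenticator.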
ECC
The vast majority of the products and standards that use public-key
cryptography for encryption and digital signatures use RSA.
The bit length for secure RSA use has increased over recent years, and
this has put a heavier processing load on applications using RSA.
This burden has ramifications, especially for electronic commerce sites
that conduct large numbers of secure transactions.
Recently, a competing system has begun to challenge RSA: elliptic curve
cryptography (ECC).
The principal attraction of ECC compared to RSA is that it appears to
offer equal security for a far smaller bit size, thereby reducing
processing overhead.
Proof of Correctness