Scribd
Upload
5 views24 pages

Module3 - 3.2 Diffie Hellman

The document discusses the Diffie-Hellman key exchange method for symmetric key agreement, allowing two parties, Alice and Bob, to create a session key without a Key Distribution Center. It outlines the algorithm's reliance on a large prime number and a primitive root, detailing the process of generating public keys and computing the shared secret key. Additionally, it highlights real-world applications and security considerations, including the importance of large primes to mitigate discrete logarithm attacks.

Uploaded by

HARSH MAGHNANI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
5 views24 pages

Module3 - 3.2 Diffie Hellman

The document discusses the Diffie-Hellman key exchange method for symmetric key agreement, allowing two parties, Alice and Bob, to create a session key without a Key Distribution Center. It outlines the algorithm's reliance on a large prime number and a primitive root, detailing the process of generating public keys and computing the shared secret key. Additionally, it highlights real-world applications and security considerations, including the importance of large primes to mitigate discrete logarithm attacks.

Uploaded by

HARSH MAGHNANI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 24

Chapter 3

Symmetric key agreement:

3.2 Diffie Hellman Key Exchange


Agreement

1
SYMMETRIC-KEY AGREEMENT

• Alice and Bob can create a session key between


themselves without using a KDC(Key Distribution
Center).
• This method of session-key creation is referred to as
the symmetric-key agreement.

1 Diffie-Hellman Key Agreement


2 Station-to-Station Key Agreement

2
Diffie-Hellman Key Exchange
●By Diffie & Hellman in 1976 “New Directions in
Cryptography”
●Algorithm limited for exchange of secrete values.
● G=⟨Zp∗​,×⟩ defines the multiplicative group of integers modulo p, a

.
cyclic group used in Diffie-Hellman

●g is a primitive root of the prime number p, then the


numbers
g mod p, g2mod p, g3mod p ......., gp-1 mod p
are distinct and consists of 1 through p-1 in some
permutation.

3
Diffie-Hellman Key Exchange
Show that a=7 is primitive root of p=13.
1. 7 mod 13 =7
2. 72mod 13 =10
3. 73mod 13 =5
4. 74mod 13 =9
5. 75mod 13 =11
6. 76mod 13 = 12
7. 77mod 13 =6
8. 78mod 13 = 3
9. 79mod 13 = 8
10.710mod 13 =4
11.711mod 13 =2
4 12.712mod 13 =1
Multiplicative group of integers modulo p

5
Diffie-Hellman Key Exchange
● For any integer ‘R’ and primitive root a of prime
number p, we can find unique exponent x such that
● R ≡ gx(mod p) where 0 ≤ i ≤ (p-1)
● the exponent ‘x’ is referred as discrete logarithm of
‘b’ for base a, mod p.
● It is expressed as x=dloga,p(b)

6
Diffie-Hellman Agreement
●All users agree on global parameters:
●large prime integer ‘p’.
●‘g’ is a primitive root mod p.

●User A generates key


●chooses a secret key (number): x < p
●compute public key: R1= gx mod p
● other user makes use of that public key R1.

7
Diffie-Hellman Key Agreement

K=R2x mod p K=R 1x mod p


K= gxy mod p K= g xy mod p
8
9
(Bob received R1 from Alice)

(Alice received R2 from Alice)

10
11
Real-World Applications of the Diffie-Hellman
Algorithm

● Secure Internet Communication(TLS/SSL)


● VPNs (Virtual Private Networks)
● Cryptographic Protocols (SSH, PGP, IPsec)
SSH (Secure Shell): Used for secure remote login
PGP: Encrypts emails using DH-based key exchange.
● Wireless Security (WPA3, Bluetooth, Zigbee)
● Blockchain & Cryptocurrencies
● Industrial IoT (IIoT) and SCADA Systems
SCADA (Supervisory Control and Data Acquisition) systems use DH-based encryption to protect critical
infrastructure from cyber threats.
12
14
Example 2
● more realistic example.
● We used a program to create a random integer of 512 bits (the
ideal is 1024 bits).
● The integer p is a 159-digit number. We also choose g, x, and y as
shown below:

15
The following shows the values of R1, R2, and K.

16
17
Discrete Logarithm Attack
● Security of key exchange is based on difficulty of
discrete logarithm problem.
● Attacker can intercept R1 and R2.
● If he can find x from R1=gx mod p and y from
R2=gy mod p then he can calculate K=gxy mod p
● If attacker is able to take discrete logarithm will
be able to find x and y.
● x=dloga,p(R1)
● y=dloga,p(R2)

18 Compiled By Dr.(Mrs.)Rohini Temkar 8/1/2018


Discrete Logarithm Attack
To make Diffie Hellman safe from Discrete Logarithm
attack.

1. Prime p must be very large(more than 300 decimal


digits).
2. Prime p must be chosen such that p-1 has at least one
large prime factor (more than 60 decimal digits).
3. Alice and Bob must delete x and y once they calculate
symmetric key.
19
Man-in-the-middle attack

20
21
22
23
24
25

You might also like