Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
By Will Garner
Some Preliminaries:
Def: An element g is called a generator of a group G if every element in G can be expressed as the product of finitely many powers of g.
Some Preliminaries:
Def: If p 1 is an integer, then the numbers coprime to p, taken modulo p, form a group with multiplication as its operation. It is written as (Z/pZ) or Zp*. This group is cyclic and any generator, g, of the group is called a primitive root mod p.
Some Preliminaries:
Def: The number of invertible elements modulo n is denoted by f(n). The function f is called Eulers Totient function or Eulers f-function. In particular, f(p) = p 1.
Some Preliminaries:
Def: Suppose g is a primitive root mod p. If gx y (mod p), then the discrete logarithm or index of y (to the base g) is indg(y) = x mod (f(p)).

Developed in 1976 and published in New Directions in Cryptography. The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.

The Setup:
Suppose we have two people wishing to communicate: Alice and Bob. They do not want Eve (eavesdropper) to know their message. Alice and Bob agree upon and make public two numbers g and p, where p is a prime and g is a primitive root mod p.
Note: Anyone has access to these numbers.

The Exchange:
1. Alice chooses a random number a and computes u ga (mod p), and sends u to Bob. 2. Bob chooses a random number b and computes v gb (mod p), and sends v to Alice. 3. Bob computes the key k ub (ga)b (mod p). 4. Alice computes the key k va (gb)a (mod p).
Now, both Alice and Bob have the same key, namely k = gab (mod p).

If Eve wants to compute k, then she would need either a or b. Otherwise, Eve would need to solve a Discrete Logarithm Problem.
There is no known algorithm to accomplish this in a reasonable amount of time.
Discrete Logarithm Problem

The Problem: Solve for x if y gx (mod p), given you know y, g and p. Solution 1: Brute Force. It would take p steps to calculate the solution. Each trial requires a fair amount of work. Not efficient.

The Problem: Solve for x if y gx (mod p), given you know y, g and p. Solution 2: Shanks Algorithm. This algorithm is more efficient, but it still requires p log( p ) steps. This is not practical for large p.

For example, if p =
170141183460469231731687303715884105727,
then it would take roughly 1.14824 1021 steps to solve. (Each step requires many calculations.) Even using Googles computers which are estimated to perform 300 trillion calculations per second, it would take roughly 5 years to solve.

And the above prime was found in the 1800s. Today, much larger primes exist, that would take even longer to solve using brute force. If the prime p had 300 digits and a and b had more than 100 digits, it would take longer than the life of the universe to crack with the existing methods.

Example: Suppose Alice and Bob agree to use p = 47 and g = 5. Alice chooses a number between 0 and 46, say a = 18. Bob chooses a number between 0 and 46, say b = 22.

Alice publishes ga (mod p), i.e. u = 518 (mod 47) = 2. Bob publishes gb (mod p), i.e. v = 522 (mod 47) = 28.

If Alice wants to know the secret key k, she takes Bobs public number, v = 28, and raises it to her private number, a = 18 (taking the result mod 47). This gives her: 2818 (mod 47) = 24.

If Bob wants to know the secret key, he takes Alices public number, u = 2, and raises it to his private number, b = 22 (taking the result mod 47). This gives him: 222 (mod 47) = 24.

Thus, Alice and Bob have agreed upon a secret key, k = 24.

Susceptibility: If Eve can intercept u and v, it is possible for her to substitute her own u and v. If she can intercept all communication between Alice and Bob, then she can substitute her own messages. In 1992, the exchange was modified to prevent the man-in-the-middle attack described above.

User Authentication: Alice encrypts the message, m, with her private key a, call it ma. Alice encrypts ma with Bobs public key, v, and sends the message to Bob. Bob recovers ma using his private key b and recovers m by using Alices public key u. Thus, Bob is sure that only Alice could have sent the message.

Diffie-Hellman Key Exchange

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Diffie-Hellman Key Exchange

Hochgeladen von

Copyright:

Verfügbare Formate

Diffie-Hellman Key Exchange