Diffie-Hellman Algorithm

Presented By:
Rashi Jain, Kamshin, Saloni, Divya
 Review
 Introduction
 Algorithm
 Example
 Applications
 IP Security
 Advantages & Disadvantages
 Conclusion
 Introduction
 Diffie-Hellman key exchange(D-H) is the first practical method
of securely exchanging cryptographic keys over an insecure
channel.
 Originally conceptualized by Ralph Merkle and named
after Whitfield Diffie and Martin Hellman(1976).
 The point is to agree on a key that two parties can use for a
symmetric encryption, in such a way that an eavesdropper cannot
obtain the key.
 Diffie-Hellman key exchange
 Allows two users to exchange a secret key,
 Requires no prior secrets,
 Real-time over an untrusted network.
 Based on the difficulty of computing discrete logarithms of large
numbers.
 No known successful attack strategies.
 Requires two large numbers, one prime (P), and (G), a primitive
root of P.
 Algorithm
 It involves 5 steps:
 Global Public Elements
 User A(sender) Key Generation
 User B(receiver) Key Generation
 Generation of Secret Key by User A
 Generation of Secret Key by User B
 Global public elements
 Assume prime number, q.
 Select α such that α < q and α is primitive root of q.
(for any number p ,if we have number a number a such that power of a and
p generate all the numbers between l to p-1 then a is called primitive root of
p.)
 To calculate the primitive root α we will use the table.

 User A key generation

Select private key 𝑋𝐴 𝑋𝐴 <q
Calculate public key 𝑌𝐴 =α 𝑋𝐴 modq
 User B key generation
Select private key 𝑋𝐵 𝑋𝐵 <q
Calculate public key 𝑌𝐵 𝑌𝐵 = α 𝑋𝐵 modq

 Generation of secret key by User A

K= (𝑌𝐵 )𝐴𝑋 modq

 Generation of secret key by user B

K=(𝑌𝐴 )𝐵𝑋 modq
Diffie-Hellman Key Exchange
Example
 Applications
 Diffie-Hellman is currently used in many protocols, namely:
 Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
 Secure Shell (SSH)
 Internet Protocol Security (IPSec)
 Public Key Infrastructure (PKI)
 ElGamal Cryptography
 Internet Protocol Security
 Internet Protocol Security(IPSec) is a secure network protocol
suite that authenticates and encrypts the packets of data sent
over an IP network. It is used in Virtual Private Networks(VPNs)
 It is a suite of protocols introduced by the Internet
Engineering Task Force(IETF) to aid in a configuring
communications channel between multiple machines.
 IPSec has two goals:
 To protect security packets.
 To provide defense against network attacks.
 IPSec uses D-H and symmetric cryptography to establish
identities, preferred algorithms and a shared secret.
 Before IPSec can begin encrypting the data stream, some
preliminary information exchange is necessary.
 This is accomplished with the Internet Key Exchange (IKE)
protocol.
 IKE uses D-H to produce a shared secret via the usual
mechanisms, and then authenticate each other; after that, the
secret key is used for encryption purposes.
 This shared secret key is never exchanged over the insecure
channel.
 Advantages & Disadvantages

 Advantages:
 The sender and receiver have no prior knowledge of each other.
 Communication can take place ove an insecure channel.
 Sharing of secret key is safe.
 Disadvantages:
 Can’t use for asymmetric key exchange.
 Can’t use for signing digital signature.
 The nature of D-H key exchange does make it susceptible to
man in the middle attack since it doesn’t authenticate either
party involved in the exchange.
 Conclusion
 Authenticated Diffie-Hellman Key Agreement (1992)
 Defeats middleperson attack
 Diffie-Hellman POP Algorithm
 Enhances IPSec layer
 Diffie-Hellman continues to play large role in secure protocol
creation.
 References
 Wikkipedia
 http://www.sans.org/reading_room/whitepapers/vpns/review-
diffie-hellman-algorithm-secure-internetprotocols_751
 http://www.sans.org/rr/encryption/algorithm.php
Thank
You