Diffie-Hellman key exchange

Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. A security protocol ( cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security -related function In Cryptography, a key is a piece of information (a Parameter) that determines the functional output of a cryptographic algorithm Communication is the process of conveying information from a sender to a receiver with the use of a medium in which the communicated information is understood the same way This key can then be used to encrypt subsequent communications using a symmetric key cipher. Symmetric-key algorithms are a class of Algorithms for Cryptography that use trivially related often identical Cryptographic keys for both decryption In Cryptography, a cipher (or cypher) is an Algorithm for performing Encryption and Decryption &mdash a series of well-defined steps

Synonyms of Diffie-Hellman key exchange include:

Diffie-Hellman key agreement
Diffie-Hellman key establishment
Diffie-Hellman key negotiation
Exponential key exchange

The scheme was first published publicly by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. Bailey Whitfield 'Whit' Diffie (born June 5 1944) is a US Cryptographer and one of the pioneers of Public-key cryptography. Martin Edward Hellman (born October 2, 1945) is a cryptologist, famous for his invention of Public key cryptography in cooperation with Year 1976 ( MCMLXXVI) was a Leap year starting on Thursday (link will display full calendar of the Gregorian calendar. The Government Communications Headquarters (GCHQ is a British Intelligence agency responsible for providing Signals intelligence (SIGINT and Information Malcolm J Williamson discovered in 1974 what is now known as Diffie-Hellman key exchange. In 2002, Hellman suggested the algorithm be called Diffie-Hellman-Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002). See also 2002 (disambiguation Year 2002 ( MMII) was a Common year starting on Tuesday of the Gregorian calendar. Ralph C Merkle (born February 2, 1952) is a pioneer in Public key cryptography, and more recently a researcher and speaker on Molecular nanotechnology Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key

Although Diffie-Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes. In Cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome In an authenticated Key-agreement protocol that uses Public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session Transport Layer Security ( TLS) and its predecessor Secure Sockets Layer ( SSL) are Cryptographic protocols that provide secure

1 History of the protocol
2 Description
- 2.1 Chart
3 Security
- 3.1 Authentication
4 References
5 See also
6 External links

History of the protocol

Diffie-Hellman key agreement was invented in 1976 during a collaboration between Whitfield Diffie and Martin Hellman and was the first practical method for establishing a shared secret over an unprotected communications channel. Year 1976 ( MCMLXXVI) was a Leap year starting on Thursday (link will display full calendar of the Gregorian calendar. In Cryptography, a shared secret is a piece of data only known to the parties involved in a secure communication Ralph Merkle's work on public key distribution was an influence. Ralph C Merkle (born February 2, 1952) is a pioneer in Public key cryptography, and more recently a researcher and speaker on Molecular nanotechnology John Gill suggested application of the discrete logarithm problem. In Mathematics, specifically in Abstract algebra and its applications discrete logarithms are group-theoretic analogues of ordinary Logarithms It had been discovered by Malcolm Williamson of GCHQ in the UK some years previously, but GCHQ chose not to make it public until 1997, by which time it had no influence on research in academia. Malcolm J Williamson discovered in 1974 what is now known as Diffie-Hellman key exchange. The Government Communications Headquarters (GCHQ is a British Intelligence agency responsible for providing Signals intelligence (SIGINT and Information The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom, the UK or Britain,is a Sovereign state located Year 1997 ( MCMXCVII) was a Common year starting on Wednesday (link will display full 1997 Gregorian calendar

The method was followed shortly afterwards by RSA, another implementation of public key cryptography using asymmetric algorithms. In Cryptography, RSA is an Algorithm for Public-key cryptography. Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key

In 2002, Martin Hellman wrote:

The system. See also 2002 (disambiguation Year 2002 ( MMII) was a Common year starting on Tuesday of the Gregorian calendar. . . has since become known as Diffie-Hellman key exchange. While that system was first described in a paper by Diffie and me, it is a public key distribution system, a concept developed by Merkle, and hence should be called 'Diffie-Hellman-Merkle key exchange' if names are to be associated with it. I hope this small pulpit might help in that endeavor to recognize Merkle's equal contribution to the invention of public key cryptography. [1]

U.S. Patent 4,200,770 , now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.

Description

Diffie-Hellman key exchange

The simplest, and original, implementation of the protocol uses the Multiplicative group of integers modulo p, where p is prime and g is primitive root mod p. In Modular arithmetic the set of Congruence classes Relatively prime to the modulus n form a group under multiplication called the multiplicative In Mathematics, a prime number (or a prime) is a Natural number which has exactly two distinct natural number Divisors 1 In Modular arithmetic, a branch of Number theory, a primitive root modulo n is any number g with the property that any number Coprime Here is an example of the protocol:

Alice
Sec		Calc
	p, g
a
		g^a mod p
	…
	(g^b mod p)^a mod p

$\rightarrow$

$\leftarrow$

Bob
Calc		Sec
	p, g
		b
	…
g^b mod p
	(g^a mod p)^b mod p

Alice and Bob agree to use a prime number p=23 and base g=5. The names Alice and Bob are commonly used placeholders for archetypal characters in fields such as Cryptography and Physics.
Alice chooses a secret integer a=6, then sends Bob (g^a mod p)
- 5⁶ mod 23 = 8.
Bob chooses a secret integer b=15, then sends Alice (g^b mod p)
- 5¹⁵ mod 23 = 19.
Alice computes (g^b mod p)^a mod p
- 19⁶ mod 23 = 2.
Bob computes (g^a mod p)^b mod p
- 8¹⁵ mod 23 = 2.

Both Alice and Bob have arrived at the same value, because g^ab and g^ba are equal. Note that only a, b and g^ab = g^ba are kept secret. All the other values are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel. Of course, much larger values of a, b, and p would be needed to make this example secure, since it is easy to try all the possible values of g^ab mod 23 (there will be, at most, 22 such values, even if a and b are large). If p were a prime of at least 300 digits, and a and b were at least 100 digits long, then even the best algorithms known today could not find a given only g, p, and g^a mod p, even using all of mankind's computing power. The problem is known as the discrete logarithm problem. In Mathematics, specifically in Abstract algebra and its applications discrete logarithms are group-theoretic analogues of ordinary Logarithms Note that g need not be large at all, and in practice is usually either 2 or 5.

Here's a more general description of the protocol:

Alice and Bob agree on a finite cyclic group G and a generating element g in G. In Group theory, a cyclic group or monogenous group is a group that can be generated by a single element in the sense that the group has an In Abstract algebra, a generating set of a group G is a Subset S such that every element of G can be expressed as the (This is usually done long before the rest of the protocol; g is assumed to be known by all attackers. ) We will write the group G multiplicatively.
Alice picks a random natural number a and sends g^a to Bob. In Mathematics, a natural number (also called counting number) can mean either an element of the set (the positive Integers or an
Bob picks a random natural number b and sends g^b to Alice.
Alice computes (g^b)^a.
Bob computes (g^a)^b.

Both Alice and Bob are now in possession of the group element g^ab, which can serve as the shared secret key. The values of (g^b)^a and (g^a)^b are the same because groups are power associative. In Abstract algebra, power associativity is a weak form of Associativity. (See also exponentiation. )

Chart

Here is a chart to help simplify who knows what. (Eve is an eavesdropper—she watches what is sent between Alice and Bob, but she does not alter the contents of their communications. Eavesdropping is the act of surreptitiously listening to a private conversation )

Let s = shared secret key. s = 2

Let a = Alice's private key. a = 6

Let b = Bob's private key. b = 15

Let g = public base. g=5

Let p = public (prime) number. p = 23

Alice
knows	doesn't know
p = 23	b = 15
base g = 5
a = 6
5⁶ mod 23 = 8
5^b mod 23 = 19
19⁶ mod 23 = 2
8^b mod 23 = 2
19⁶ mod 23 = 8^b mod 23
s = 2

Bob
knows	doesn't know
p = 23	a = 6
base g = 5
b = 15
5¹⁵ mod 23 = 19
5^a mod 23 = 8
8¹⁵ mod 23 = 2
19^a mod 23 = 2
8¹⁵ mod 23 = 19^a mod 23
s = 2

Eve
knows	doesn't know
p = 23	a = 6
base g = 5	b = 15
	s = 2
5^a mod 23 = 8
5^b mod 23 = 19
19^a mod 23 = s
8^b mod 23 = s
19^a mod 23 = 8^b mod 23

Note: It should be difficult for Alice to solve for Bob's private key or for Bob to solve for Alice's private key. If it isn't difficult for Alice to solve for Bob's private key (or vice versa), Eve may simply substitute her own private / public key pair, plug Bob's public key into her private key, produce a fake shared secret key, and solve for Bob's private key (and use that to solve for the shared secret key. Eve may attempt to choose a public / private key pair that will make it easy for her to solve for Bob's private key).

Security

The protocol is considered secure against eavesdroppers if G and g are chosen properly. The eavesdropper ("Eve") must solve the Diffie-Hellman problem to obtain g^ab. The names Alice and Bob are commonly used placeholders for archetypal characters in fields such as Cryptography and Physics. The Diffie-Hellman problem (DHP is the name of a specific problem in Cryptography which was first proposed by Whitfield Diffie and Martin Hellman. This is currently considered difficult. An efficient algorithm to solve the discrete logarithm problem would make it easy to compute a or b and solve the Diffie-Hellman problem, making this and many other public key cryptosystems insecure. In Mathematics, specifically in Abstract algebra and its applications discrete logarithms are group-theoretic analogues of ordinary Logarithms

The order of G should be prime or have a large prime factor to prevent use of the Pohlig-Hellman algorithm to obtain a or b. A group ( G, • is a set G closed under a Binary operation • satisfying the following 3 Axioms: In mathematics the Pohlig–Hellman algorithm is an Algorithm for the computation of Discrete logarithms in a Multiplicative group whose order is a For this reason, a Sophie Germain prime q is sometimes used to calculate p=2q+1, called a safe prime, since the order of G is then only divisible by 2 and q. In Number theory, a Prime number p is a Sophie Germain prime if 2 p + 1 is also prime A safe prime is a Prime number of the form 2 p + 1 where p is also a prime g is then sometimes chosen to generate the order q subgroup of G, rather than G, so that the Legendre symbol of g^a never reveals the low order bit of a. The Legendre symbol or quadratic character is a function introduced by Adrien-Marie Legendre in 1798 during his partly successful attempt to prove the Law of

If Alice and Bob use random number generators whose outputs are not completely random and can be predicted to some extent, then Eve's task is much easier. A random number generator (often abbreviated as RNG is a computational or physical device designed to generate a sequence of Numbers or symbols that lack any

The secret integers a and b are discarded at the end of the session. In Computer science, in particular networking, a session is a semi-permanent interactive information exchange also known as a dialogue a conversation or a meeting Therefore, Diffie-Hellman key exchange by itself trivially achieves perfect forward secrecy because no long-term private keying material exists to be disclosed. In an authenticated Key-agreement protocol that uses Public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session

Authentication

In the original description, the Diffie-Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as In Cryptography, the man-in-the-middle attack or bucket-brigade attack (often abbreviated MITM) sometimes Janus attack, is a A person in the middle may establish two distinct Diffie-Hellman key exchanges, one with Alice and the other with Bob, effectively masquerading as Alice to Bob, and vice versa, allowing the attacker to decrypt (and read or store) then re-encrypt the messages passed between them. A method to authenticate the communicating parties to each other is generally needed to prevent this type of attack.

A variety of cryptographic authentication solutions incorporate a Diffie-Hellman exchange. When Alice and Bob have a public key infrastructure, they may digitally sign the agreed key, or g^a and g^b, as in MQV, STS and the IKE component of the IPsec protocol suite for securing Internet Protocol communications. In Cryptography, a public key infrastructure ( PKI) is an arrangement that binds Public keys with respective user identities by means of a Certificate MQV ( Menezes-Qu-Vanstone) is an authenticated protocol for Key agreement based on the Diffie-Hellman scheme The Station-to-Station (STS protocol is a cryptographic Key agreement scheme based on classic Diffie-Hellman that provides mutual key and entity authentication Internet key exchange ( IKE) is the protocol used to set up a Security association (SA in the IPsec protocol suite Internet Protocol Security ( IPsec) is a suite of protocols for securing Internet Protocol (IP communications by authenticating and/or encrypting The Internet Protocol ( IP) is a protocol used for communicating data across a Packet-switched Internetwork using the Internet Protocol When Alice and Bob share a password, they may use a password-authenticated key agreement form of Diffie-Hellman. In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge

References

Non-Secret Encryption Using a Finite Field MJ Williamson, January 21, 1974. Events 1189 - Philip II of France and Richard I of England begin to assemble troops to wage the Third Crusade. Year 1974 ( MCMLXXIV) was a Common year starting on Tuesday (link will display full calendar of the 1974 Gregorian calendar.
Thoughts on Cheaper Non-Secret Encryption MJ Williamson, August 10, 1976. Events 612 BC - Killing of Sinsharishkun, King of Assyrian Empire Year 1976 ( MCMLXXVI) was a Leap year starting on Thursday (link will display full calendar of the Gregorian calendar.
New Directions in Cryptography W. Diffie and M. E. Hellman, IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654.
Cryptographic apparatus and method Martin E. Hellman, Bailey W. Diffie, and Ralph C. Merkle, U. S. Patent #4,200,770, 29 April 1980
The History of Non-Secret Encryption JH Ellis 1987 (28K PDF file) (HTML version)
The First Ten Years of Public-Key Cryptography Whitfield Diffie, Proceedings of the IEEE, vol. Events 1429 - Joan of Arc arrives to relieve the Siege of Orleans. Year 1980 ( MCMLXXX) was a Leap year starting on Tuesday (link displays the 1980 Gregorian calendar) James H Ellis (1924&ndashNovember 1997 was an Engineer and Mathematician. Year 1987 ( MCMLXXXVII) was a Common year starting on Thursday (link displays 1987 Gregorian calendar) 76, no. 5, May 1988, pp: 560-577 (1. 9MB PDF file)
Menezes, Alfred; van Oorschot, Paul; Vanstone, Scott (1997). Alfred Menezes is co-author of several books on Cryptography, most notably the Handbook of Applied Cryptography. Paul C van Oorschot is a cryptographer and Computer security researcher currently a professor of Computer science at Carleton University. Scott A Vanstone is a cryptographer who co-authored the Handbook of Applied Cryptography. Handbook of Applied Cryptography Boca Raton, Florida: CRC Press. ISBN 0-8493-8523-7. (Available online)
Singh, Simon (1999) The Code Book: the evolution of secrecy from Mary Queen of Scots to quantum cryptography New York: Doubleday ISBN 0-385-49531-5
An Overview of Public Key Cryptography Martin E. Simon Lehna Singh, MBE (born 1964) is an Indian-British Author of Punjabi background who has specialised in writing about mathematical The Code Book The Evolution of Secrecy from Mary Queen of Scots to Quantum Cryptography is a book written by Simon Singh and published in 1999 by Doubleday of New Hellman, IEEE Communications Magazine, May 2002, pp:42-49. (123kB PDF file)

External links

RFC 2631 - Diffie-Hellman Key Agreement Method E. Elliptic Curve Diffie-Hellman (ECDH is a Key agreement protocol that allows two parties to estabilish a shared secret key over an insecure channel. Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key In Cryptography, the ElGamal encryption system is an Asymmetric key encryption algorithm for Public-key cryptography which is based on the Diffie-Hellman The Diffie-Hellman problem (DHP is the name of a specific problem in Cryptography which was first proposed by Whitfield Diffie and Martin Hellman. MQV ( Menezes-Qu-Vanstone) is an authenticated protocol for Key agreement based on the Diffie-Hellman scheme In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge Rescorla June 1999.
Summary of ANSI X9.42: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography (64K PDF file) (Description of ANSI 9 Standards)
Diffie-Hellman explained visually
Diffie-Hellman Key Exchange – A Non-Mathematician’s Explanation by Keith Palmgren
Crypt::DH Perl module from CPAN
Hands-on Diffie-Hellman demonstration
C implementation using GNU Multiple Precision Arithmetic Library

NOTES FOR EDITORS "Perl" is not an acronym (read the "Name" section below CPAN is an Acronym standing for Comprehensive Perl Archive Network, an archive of over 12200 modules of software written in Perl, as well as documentation

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org
network: | |

Contents