DiffieHellman Key Exchange Protocol

1
Diffie-Hellman Key Exchange Protocol

• PROBLEM
• Symmetric encryption needs the same key at both
  ends,
• Key negotiation via SSL-like mechanisms uses
  public-key methods, which needs certificates, and
  issuing/managing them (PKI) is a hassle
• How can any two parties openly negotiate a
  session key, without observers learning it?

2
Diffie-Hellman

• Like RSA, based on easy to do exponentiation in
  discrete (i.e. using mod) field.
• But hard to find inverse given a remainder,
  its hard to find discrete log and get back to the
  starting point.

3
The simple maths youll need

• gxy gyx (gx)y (gy)x
• But these also apply in a finite field (i.e. mod
  n, or clock arithmetic)
• And you can move the mod n into the
  computations without changing the equality
• (gx mod n)y mod n (gy mod n)x mod n

4
(gx mod n)y mod n (gy mod n)x mod n

• g and n are prime, public, (say g7, n41)
• Alice chooses secret x and publishes u.
• u gx mod n
• Bob chooses secret y and publishes v.
• v gy mod n
• Alice computes S vx mod n
• Bob computes S uy mod n
• They get the same answer, session key S

5
In practice

• g and n are big numbers
• Mallet knows g, n, u, v
• but cant find x, y, or S easily.

6
BUT negotiated keys protocols are vulnerable to
man in the middle attacks

• Mallet interposes himself between A and B.
• He impersonates B when talking to A, and
  impersonates A when talking to B.
• When Alice announces her computed u, Mallet
  intercepts it and uses his own random number to
  negotiate a session key with her. Similarly, he
  negotiates a different session key with Bob.
• He can decrypt from A and re-encrypt before
  passing on to B, and vice versa.

7
Diffie-Hellman Conclusion

• First of many key exchange algorithms.
• Simple
• If Germans had this technology in WWII