Modular arithmetic and DiffieHellman Key Exchange - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Modular arithmetic and DiffieHellman Key Exchange

Description:

That is, would an eavesdropper (Cindy) be able to compute KA (=KB) if she knows ... So the question is: given gxA mod p and gxB mod p, can Cindy compute gxAxB mod p? ... – PowerPoint PPT presentation

Number of Views:183
Avg rating:3.0/5.0
Slides: 21
Provided by: mjako
Category:

less

Transcript and Presenter's Notes

Title: Modular arithmetic and DiffieHellman Key Exchange


1
Modular arithmeticand Diffie-Hellman Key
Exchange
2
A very common techniquemodular arithmetic
  • Normal arithmetic
  • 5 5 25
  • 25 / 5 5
  • Modular arithmetic (mod 21)
  • 5 5 4
  • 4 / 5 5
  • Of course, we can use any integer modulo not
    only 21

3
More modular arithmetic (mod 21 still)
  • Addition 1214 26 5
  • Additive inverse (what do I need to ADD to
  • 2 if I really want to SUBTRACT 5?)
  • - 5 21 - 5 16
  • 2-5 21618

4
And yet some more
  • Multiplicative inverse (what do I need to
  • multiply 6 by if I really want to divide by 2?)
  • 112 22 1, therefore 112-1
  • How can we find multiplicative inverses? Either
    try all possibilities, or use the Extended
    Euclidian Algorithm.

5
One more important operation
  • Exponentiation 53 (55)5 45 20
  • (still modulo good old 21)

6
Now to an interesting fact
  • Additive inverses are easy to find.
  • Multiplicative inverses are easy to find.
  • Exponentiation inverses (called discrete
    logarithms) are NOT easy to find!
  • What does this mean? A one-way function! )

7
One more interesting thing
  • If I give you three values, g, gx and gy, you
    cannot compute gxy unless you know either x or y
    but if you do, then it is easy! (All modulo
    some integer, as usual.)
  • (This is referred to as the Diffie-Hellman
    assumption.)

8
So how can we use any of this???
9
A word about encryption
  • Using a public key encryption scheme (such as
    RSA), the sender only has to know the receivers
    public key.
  • If a symmetric key encryption scheme (such as
    AES) is used, the sender and receiver has to
    first agree on a key that they both know.
  • Symmetric key ciphers are much faster than public
    key ciphers.

10
How can we agree on a symmetric key?
  • If the recipient has a public key then key
    transport can be done the initiator (sender)
    picks a symmetric key K, encrypts it using the
    recipients public key, sends the result over.
  • If both have public keys, then Diffie-Hellman
    key exchange can be performed.
  • If neither what can be done then?

11
Diffie-Hellman Key Exchange (part 1)
  • System parameters p is a large prime,
  • g is a generator of Gp
  • Alice has a secret key xA, a public key yA, where
    yAgxA mod p
  • Bob has a secret key xB, a public key yB, where
    yBgxB mod p

12
Diffie-Hellman Key Exchange (part 2)
  • Alice computes KAyBxA mod p
  • Bob computes KByAxB mod p
  • Now, notice that modulo p, we have that
  • KA(yB)xA (gxB)xA
  • (gxA)xB (yA)xB KB
  • Like magic Alice and Bob share a key!

13
Diffie-Hellman Key Exchange (part 3)
  • But is it secure? That is, would an eavesdropper
    (Cindy) be able to compute KA (KB) if she knows
    yA and yB and observes all interaction?
  • First of all there is no interaction!
  • So the question is given gxA mod p and gxB mod
    p, can Cindy compute gxAxB mod p?

14
But here is a problem (called the
man-in-the-middle attack)
  • Alice wants to talk to Bob, sends her public key
    to Bob.
  • But Cindy intercepts it, and replaces Alices
    public key with hers. She sends this to Bob.
  • Bob thinks Alice wants to talk to him. He sends
    his public key to her.
  • But Cindy intercepts and replaces!
  • Then Cindy sets up shared keys with both!

15
What can we do?
  • If the public keys are certified (see e.g.,
    VeriSign) then Alice and Bob verifies that they
    got the right public keys!
  • If not (or if Alice and Bob just created the
    secret and public keys for this exchange), can
    anything be done?

16
The Problem of Pairing
?
  • Key pairing problem (KA KB )
  • (verify that there is no man-in-the-middle)

17
Mahers solution(patent 5,450,493 , search USPTO)
  • Alice and Bob perform a DH key exchange, then
  • Alice computes a f(KA) and
  • Bob computes   b f(KB),
  • where f compresses.
  •     (Note that Cindy can also compute (a,b).) 
  • 2. Then, Alice and Bob compare a and b
    usinganother channel (such as voice). Note that
    theycannot use the same as for key exchange! 
  • 3. If different, stop, otherwise ok.       

18
Problems with Mahers solution(not published as
far as I know)
  • Eve knows f! She generates secret keys xE1, xE2
    and public keys yE1gxE1, and yE2gxE2.
  • Eve knows Alice and Bob will compare f(yE1xA) and
    f(yE2xB)
  • Eve checks if these are equal if not, goes to
    1.
  • 4. Then she sends yE1 to Alice and yE2 to Bob.
  • 5. She knows they will get the same check
    value! Now they are tricked to share a key with
    her! 

19
How can we fix this?(first solution)
  • Let Alice and Bob select a (rather short) random
    number r over another channel (voice, etc.)
  • 2. and compare a f(KA,r) and b f(KB,r)
  • 3. Now, to cheat, Cindy has to anticipate r (or
    be lucky!)

20
How can we fix this?(second solution)
commitment (K , shared-PIN, r2 )
r1
check
r2
check
Write a Comment
User Comments (0)
About PowerShow.com