Modular arithmetic and DiffieHellman Key Exchange - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Modular arithmetic and DiffieHellman Key Exchange

Description:

That is, would an eavesdropper (Cindy) be able to compute KA (=KB) if she knows ... So the question is: given gxA mod p and gxB mod p, can Cindy compute gxAxB mod p? ... – PowerPoint PPT presentation

Number of Views:182
Avg rating:3.0/5.0
Slides: 21
Provided by: mjako
Category:

less

Transcript and Presenter's Notes

Title: Modular arithmetic and DiffieHellman Key Exchange


1
Modular arithmeticand Diffie-Hellman Key
Exchange
2
A very common techniquemodular arithmetic
  • Normal arithmetic
  • 5 5 25
  • 25 / 5 5
  • Modular arithmetic (mod 21)
  • 5 5 4
  • 4 / 5 5
  • Of course, we can use any integer modulo not
    only 21

3
More modular arithmetic (mod 21 still)
  • Addition 1214 26 5
  • Additive inverse (what do I need to ADD to
  • 2 if I really want to SUBTRACT 5?)
  • - 5 21 - 5 16
  • 2-5 21618

4
And yet some more
  • Multiplicative inverse (what do I need to
  • multiply 6 by if I really want to divide by 2?)
  • 112 22 1, therefore 112-1
  • How can we find multiplicative inverses? Either
    try all possibilities, or use the Extended
    Euclidian Algorithm.

5
One more important operation
  • Exponentiation 53 (55)5 45 20
  • (still modulo good old 21)

6
Now to an interesting fact
  • Additive inverses are easy to find.
  • Multiplicative inverses are easy to find.
  • Exponentiation inverses (called discrete
    logarithms) are NOT easy to find!
  • What does this mean? A one-way function! )

7
One more interesting thing
  • If I give you three values, g, gx and gy, you
    cannot compute gxy unless you know either x or y
    but if you do, then it is easy! (All modulo
    some integer, as usual.)
  • (This is referred to as the Diffie-Hellman
    assumption.)

8
So how can we use any of this???
9
A word about encryption
  • Using a public key encryption scheme (such as
    RSA), the sender only has to know the receivers
    public key.
  • If a symmetric key encryption scheme (such as
    AES) is used, the sender and receiver has to
    first agree on a key that they both know.
  • Symmetric key ciphers are much faster than public
    key ciphers.

10
How can we agree on a symmetric key?
  • If the recipient has a public key then key
    transport can be done the initiator (sender)
    picks a symmetric key K, encrypts it using the
    recipients public key, sends the result over.
  • If both have public keys, then Diffie-Hellman
    key exchange can be performed.
  • If neither what can be done then?

11
Diffie-Hellman Key Exchange (part 1)
  • System parameters p is a large prime,
  • g is a generator of Gp
  • Alice has a secret key xA, a public key yA, where
    yAgxA mod p
  • Bob has a secret key xB, a public key yB, where
    yBgxB mod p

12
Diffie-Hellman Key Exchange (part 2)
  • Alice computes KAyBxA mod p
  • Bob computes KByAxB mod p
  • Now, notice that modulo p, we have that
  • KA(yB)xA (gxB)xA
  • (gxA)xB (yA)xB KB
  • Like magic Alice and Bob share a key!

13
Diffie-Hellman Key Exchange (part 3)
  • But is it secure? That is, would an eavesdropper
    (Cindy) be able to compute KA (KB) if she knows
    yA and yB and observes all interaction?
  • First of all there is no interaction!
  • So the question is given gxA mod p and gxB mod
    p, can Cindy compute gxAxB mod p?

14
But here is a problem (called the
man-in-the-middle attack)
  • Alice wants to talk to Bob, sends her public key
    to Bob.
  • But Cindy intercepts it, and replaces Alices
    public key with hers. She sends this to Bob.
  • Bob thinks Alice wants to talk to him. He sends
    his public key to her.
  • But Cindy intercepts and replaces!
  • Then Cindy sets up shared keys with both!

15
What can we do?
  • If the public keys are certified (see e.g.,
    VeriSign) then Alice and Bob verifies that they
    got the right public keys!
  • If not (or if Alice and Bob just created the
    secret and public keys for this exchange), can
    anything be done?

16
The Problem of Pairing
?
  • Key pairing problem (KA KB )
  • (verify that there is no man-in-the-middle)

17
Mahers solution(patent 5,450,493 , search USPTO)
  • Alice and Bob perform a DH key exchange, then
  • Alice computes a f(KA) and
  • Bob computes   b f(KB),
  • where f compresses.
  •     (Note that Cindy can also compute (a,b).) 
  • 2. Then, Alice and Bob compare a and b
    usinganother channel (such as voice). Note that
    theycannot use the same as for key exchange! 
  • 3. If different, stop, otherwise ok.       

18
Problems with Mahers solution(not published as
far as I know)
  • Eve knows f! She generates secret keys xE1, xE2
    and public keys yE1gxE1, and yE2gxE2.
  • Eve knows Alice and Bob will compare f(yE1xA) and
    f(yE2xB)
  • Eve checks if these are equal if not, goes to
    1.
  • 4. Then she sends yE1 to Alice and yE2 to Bob.
  • 5. She knows they will get the same check
    value! Now they are tricked to share a key with
    her! 

19
How can we fix this?(first solution)
  • Let Alice and Bob select a (rather short) random
    number r over another channel (voice, etc.)
  • 2. and compare a f(KA,r) and b f(KB,r)
  • 3. Now, to cheat, Cindy has to anticipate r (or
    be lucky!)

20
How can we fix this?(second solution)
commitment (K , shared-PIN, r2 )
r1
check
r2
check
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Modular arithmetic and DiffieHellman Key Exchange" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!