
DIFFIE HELLMAN – PKC EXAMPLE

OVERVIEW

• The first published public-key crypto algorithm was by Diffie & Hellman in 1976 along with the
exposition of public key concepts.

• Practical method for public exchange of a secret key.

– Used in a number of commercial products.

– Note: D-H cannot be used to encrypt data.

• Based on the fact that it is relatively easy to compute exponents compared to computing
discrete logarithms.

• It allows two parties to generate a secret key.

– They need to exchange some information over an insecure communications channel to perform the calculation.

– An eavesdropper cannot determine the shared key based upon this information.

DH Setup

• Alice and Bob start by agreeing on global parameters:

– A large prime integer (or polynomial): q

– They also have to choose some number a, so that a < q.

• a must be primitive with respect to q.

Primitive Elements

• Primitive: A primitive element in a group is an element whose powers exhaust the entire group.

– g is primitive to n if, for every value of j from 1 to n-1, we can find an integer i so that $g^i \bmod n = j$. Thus:

– 3 is primitive in the group of units mod 7 because the set of powers of 3 from 1 to 6,
mod 7 = {3,2,6,4,5,1}.

• Or as: $1=3^6$, $2=3^2$, $3=3^1$, $4=3^4$, $5=3^5$, and $6=3^3$ (all mod 7).

– 2 is not primitive in this group because the set of powers of 2 from 1 to 6, mod 7 =
{2,4,1,2,4,1}.
• Or as there is no exponent e such that $3 = 2^e \bmod 7$.

– More commonly we say that 3 is primitive mod 7 but 2 is not.

• mod: modulus.

– x mod y means "take the remainder after dividing x by y".

• Thus: 1 mod 7 = 1; 9 mod 6 = 3; and, 8 mod 8 = 0.

D-H Key Generation

• Each user generates their private key: x (it should be a large random number)

– Alice chooses a secret key: $x_A < q$

– Bob chooses a secret key: $x_B < q$

• Each user generates their public key: y

– Alice computes her public key: $y_A = a^{x_A} \bmod q$

– Bob computes his public key: $y_B = a^{x_B} \bmod q$

• Each user communicates to the other party their public key.

D-H Key Exchange

• Each user computes their shared session key, $K_{AB}$, as:

$K_{AB} = a^{x_A \cdot x_B} \bmod q$

$= y_A^{x_B} \bmod q$ ($K_B$, which Bob can compute)

$= y_B^{x_A} \bmod q$ ($K_A$, which Alice can compute)

• $K_{AB}$ is then used as the session key in a private-key encryption scheme between Alice and Bob.

• Based on their own private key and the public key learned from the other party, Alice and Bob have computed their secret keys, $K_A$ and $K_B$, respectively (and $K_A = K_B = K_{AB}$).

D-H Strength

• An adversary (Mallory) has ingredients: q, a, $y_A$, and $y_B$ to work with.

• Mallory must solve a discrete log to determine the key.

– Hard and almost infeasible when large numbers are concerned.

Simplified D-H Example

• Alice & Bob wish to establish a secret session key.


– They agree on prime q=7 and a=3

– They select random private keys:

• Alice chooses $x_A=2$, Bob chooses $x_B=3$

– They compute public keys:

• $y_A = 3^2 \bmod 7 = 2$ (Alice)

• $y_B = 3^3 \bmod 7 = 6$ (Bob)

– They compute shared session key as:

• $K_{AB} = y_B^{x_A} \bmod 7 = 6^2 \bmod 7 = 1$ (Alice)

• $K_{AB} = y_A^{x_B} \bmod 7 = 2^3 \bmod 7 = 1$ (Bob)

Man in the Middle Attack

• D-H is susceptible to the man-in-the-middle attack.

– An adversary who can intercept messages and then either relay the intercepted
message or substitute another message.

• D-H is vulnerable to such an attack because it does not authenticate the participants.

– This can be overcome with the use of digital signatures and public-key certificates.

• Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds
as follows:

– Darth prepares for the attack by generating two random private keys $X_{D1}$ and $X_{D2}$, and then computing the corresponding public keys $Y_{D1}$ and $Y_{D2}$.

– Alice transmits $Y_A$ to Bob.

– Darth intercepts $Y_A$ and transmits $Y_{D1}$ to Bob. Darth also calculates $K_1 = Y_A^{X_{D2}} \bmod q$.

– Bob receives $Y_{D1}$ and calculates $K_2 = Y_{D1}^{x_B} \bmod q$.

– Bob transmits $Y_B$ to Alice.

– Darth intercepts $Y_B$ and transmits $Y_{D2}$ to Alice. Darth calculates $K_2 = Y_B^{X_{D1}} \bmod q$.

– Alice receives $Y_{D2}$ and calculates $K_1 = Y_{D2}^{x_A} \bmod q$.


• At this point, Alice and Bob think that they share a secret key, but instead Alice and Darth share secret key $K_1$ and Bob and Darth share secret key $K_2$.

• All future communication between Alice and Bob is compromised as follows:

– Alice sends an encrypted message M: $E(K_1, M)$.

– Darth intercepts the message and decrypts it to recover M.

– Darth sends Bob $E(K_2, M)$ or $E(K_2, M')$, where $M'$ is any message.
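
The key exchange and the substitution described above, replayed in Python as an added example (not part of the original notes). The function names are hypothetical, and the q=23, a=5 parameters and all private keys in the second run are constructed toy values, far too small for real use.

```python
# Added example: toy Diffie-Hellman using the notation of these notes.

def is_primitive(g, n):
    """True if the powers g^1 .. g^(n-1) mod n cover every value 1 .. n-1."""
    return {pow(g, i, n) for i in range(1, n)} == set(range(1, n))

def public_key(a, x, q):
    """y = a^x mod q"""
    return pow(a, x, q)

def shared_key(y_other, x_own, q):
    """K = (other party's public key)^(own private key) mod q"""
    return pow(y_other, x_own, q)

def honest_exchange(q, a, xA, xB):
    """Return (key Alice computes, key Bob computes) with no interference."""
    if not is_primitive(a, q):
        raise ValueError("a must be primitive with respect to q")
    yA, yB = public_key(a, xA, q), public_key(a, xB, q)
    return shared_key(yB, xA, q), shared_key(yA, xB, q)

def intercepted_exchange(q, a, xA, xB, xD1, xD2):
    """Replay the substitution: Bob receives YD1 in place of YA,
    Alice receives YD2 in place of YB."""
    yA, yB = public_key(a, xA, q), public_key(a, xB, q)
    yD1, yD2 = public_key(a, xD1, q), public_key(a, xD2, q)
    return {
        "alice": shared_key(yD2, xA, q),     # K1 as Alice computes it
        "darth_k1": shared_key(yA, xD2, q),  # K1 as Darth computes it
        "bob": shared_key(yD1, xB, q),       # K2 as Bob computes it
        "darth_k2": shared_key(yB, xD1, q),  # K2 as Darth computes it
    }

if __name__ == "__main__":
    # Worked example from the notes: q=7, a=3, xA=2, xB=3.
    print("q=7:", honest_exchange(7, 3, 2, 3))
    # Constructed toy values (assumptions, not from the notes).
    q, a, xA, xB, xD1, xD2 = 23, 5, 6, 15, 3, 5
    print("honest:", honest_exchange(q, a, xA, xB))
    keys = intercepted_exchange(q, a, xA, xB, xD1, xD2)
    print("intercepted:", keys)
    # Alice and Bob no longer agree, yet neither computation fails.
    print("Alice and Bob agree:", keys["alice"] == keys["bob"])
```

Neither side's arithmetic signals the substitution, which is why the exchanged public keys have to be authenticated with digital signatures or public-key certificates.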
