
CLO 2

Lecture#07
Key Exchange - Diffie-Hellman
Course: Cryptography & Network Security (CE-408)
Course Teacher: Ms. Rukaiya

Contact Info:

Room No: BS-02, CED / AS-09, ORIC

Email: rukaiya@ssuet.edu.pk

Diffie-Hellman Key Exchange
• First published public-key algorithm
• A number of commercial products employ this key
exchange technique
• Purpose is to enable two users to securely
exchange a key that can then be used for
subsequent symmetric encryption of messages
• The algorithm itself is limited to the exchange of
secret values
• Its effectiveness depends on the difficulty of
computing discrete logarithms

Discrete Logarithms

$\log_{10} 100 = 2$ because $10^2 = 100$

If $\log_m b = a$ then $m^a = b$
• Where m is called the base of the logarithm
• This logarithm is for integers only
• In fact, we can also define it for mod p, where p is
any prime number
Problem
• The security of Diffie-Hellman depends on the
difficulty of solving the discrete logarithm problem
(DLP) in the multiplicative group of a finite field.
Diffie-Hellman Algorithm

• The algorithm has five parts

1. Global Public Key
2. User A key Generation
3. User B key Generation
4. Generation of Secret key by User A
5. Generation of Secret key by User B

1. Global Public Elements

1. q = Prime number
2. a, where a < q and a is a primitive root of q

Primitive Root

• If $x^n = a$ then a is called the n-th root of x
• For any prime number p, if we have a number a such
that powers of a mod p generate all the numbers
between 1 to p-1 then a is called a Primitive Root
of p.
• Then for any integer b and a primitive root a of
prime number p, we can find a unique exponent i
such that

$b = a^i \bmod p$

The exponent i is referred to as the discrete logarithm, or
index, of b for the base a.

• Finding Primitive Root
• Example: Find primitive root of q = 11 (prime number)
= 1, …, q-1
= 1, 2, 3, 4, 5, 6, 7, 8, 9, 10

Suppose a = 2

$a^1 = 2 \bmod 11 = 2$
$a^2 = 4 \bmod 11 = 4$
$a^3 = 8 \bmod 11 = 8$
$a^4 = 16 \bmod 11 = 5$
$a^5 = 32 \bmod 11 = 10$
$a^6 = 64 \bmod 11 = 9$
$a^7 = 128 \bmod 11 = 7$
$a^8 = 256 \bmod 11 = 3$
$a^9 = 512 \bmod 11 = 6$
$a^{10} = 1024 \bmod 11 = 1$

• The values should not be repeated
• We can say that a is a primitive root of q

• Finding Primitive Root
• Example: Find primitive root of q = 11 (prime number)
= 1, …, q-1
= 1, 2, 3, 4, 5, 6, 7, 8, 9, 10

Suppose a = 3

$a^1 = 3 \bmod 11 = 3$
$a^2 = 9 \bmod 11 = 9$
$a^3 = 27 \bmod 11 = 5$
$a^4 = 81 \bmod 11 = 4$
$a^5 = 243 \bmod 11 = 1$
$a^6 = 729 \bmod 11 = 3$
$a^7 =$
$a^8 =$
$a^9 =$
$a^{10} =$

• The values are repeated
• We can say that a = 3 is not a primitive root of q
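The primitive-root check worked by hand above for q = 11, as an added Python example that is not part of the original lecture; the function names are hypothetical. It goes slightly beyond the two cases on the slides by listing every primitive root of q and by finding the index i of b through exhaustive search, which is practical only for small teaching primes.

```python
# Added example (not from the lecture): primitive roots and the index of b
# by exhaustive search. Practical only for small teaching primes such as 11.

def powers_mod(a, q):
    """Return [a^1 mod q, a^2 mod q, ..., a^(q-1) mod q]."""
    out, value = [], 1
    for _ in range(1, q):
        value = (value * a) % q
        out.append(value)
    return out


def is_primitive_root(a, q):
    """True when the powers of a mod q produce each of 1..q-1 exactly once."""
    return sorted(powers_mod(a, q)) == list(range(1, q))


def primitive_roots(q):
    """All primitive roots of the prime q, by testing every candidate."""
    return [a for a in range(1, q) if is_primitive_root(a, q)]


def discrete_log(b, a, q):
    """Return the exponent i in 1..q-1 with a^i mod q == b, or None."""
    for i, value in enumerate(powers_mod(a, q), start=1):
        if value == b:
            return i
    return None


if __name__ == "__main__":
    q = 11
    for a in (2, 3):
        print(a, powers_mod(a, q), is_primitive_root(a, q))
    print("primitive roots of", q, "->", primitive_roots(q))
    print("index of 9 to base 2 mod 11:", discrete_log(9, 2, q))
```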
Diffie-Hellman Algorithm

2. User A Key Generation

1. Select private key $X_A$, where $X_A < q$
2. Calculate public key $Y_A$, where $Y_A = a^{X_A} \bmod q$

3. User B Key Generation

1. Select private key $X_B$, where $X_B < q$
2. Calculate public key $Y_B$, where $Y_B = a^{X_B} \bmod q$

4. Generation of Secret key by User A

$K_s = (Y_B)^{X_A} \bmod q$

5. Generation of Secret key by User B

$K_s = (Y_A)^{X_B} \bmod q$
Alice and Bob share a prime q and a, such that a < q and a is a primitive root of q.

Alice:
• Generates a private key $X_A$ such that $X_A < q$
• Calculates a public key $Y_A = a^{X_A} \bmod q$ ($Y_A$ is sent to Bob)
• Receives Bob’s public key $Y_B$ in plaintext
• Calculates shared secret key $K = (Y_B)^{X_A} \bmod q$

Bob:
• Generates a private key $X_B$ such that $X_B < q$
• Calculates a public key $Y_B = a^{X_B} \bmod q$ ($Y_B$ is sent to Alice)
• Receives Alice’s public key $Y_A$ in plaintext
• Calculates shared secret key $K = (Y_A)^{X_B} \bmod q$

Figure 10.1 Diffie-Hellman Key Exchange
Diffie-Hellman Algorithm
• Example
q = 97
a = 5
$X_A = 36$
$X_B = 58$

User A key generation
$Y_A = a^{X_A} \bmod q$
$= 5^{36} \bmod 97$
$Y_A = 50 \bmod 97$

User B key generation
$Y_B = a^{X_B} \bmod q$
$= 5^{58} \bmod 97$
$Y_B = 44 \bmod 97$

User A Secret Key
$K_s = (Y_B)^{X_A} \bmod q$
$= 44^{36} \bmod 97$
$K_s = 75 \bmod 97$

User B Secret Key
$K_s = (Y_A)^{X_B} \bmod q$
$= 50^{58} \bmod 97$
$K_s = 75 \bmod 97$
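The five parts of the algorithm run end to end on the lecture's numbers (q = 97, a = 5, X_A = 36, X_B = 58), as an added Python example rather than code from the course. The function names are hypothetical, and the range check on the received public key is an addition the slides do not cover.

```python
# Added example (not from the lecture): the five parts of the algorithm.
import secrets


def generate_keypair(a, q, private=None):
    """Parts 2 and 3: return (X, Y) with X < q and Y = a^X mod q.

    A fixed private value can be passed in to reproduce a worked example;
    otherwise X is drawn from a cryptographic random source.
    """
    x = private if private is not None else secrets.randbelow(q - 2) + 1
    if not 1 <= x < q:
        raise ValueError("private key must satisfy 1 <= X < q")
    return x, pow(a, x, q)


def shared_secret(peer_public, own_private, q):
    """Parts 4 and 5: K = (peer Y)^(own X) mod q.

    Added check, not on the slides: accept only 2..q-2, because 0, 1 and q-1
    would force K into {0, 1, q-1} whatever the private key is.
    """
    if not 1 < peer_public < q - 1:
        raise ValueError("peer public key outside 2..q-2")
    return pow(peer_public, own_private, q)


if __name__ == "__main__":
    q, a = 97, 5                               # part 1: global public elements
    xa, ya = generate_keypair(a, q, private=36)
    xb, yb = generate_keypair(a, q, private=58)
    print("Y_A =", ya, "Y_B =", yb)
    print("K at A =", shared_secret(yb, xa, q))
    print("K at B =", shared_secret(ya, xb, q))
```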
Diffie-Hellman Algorithm
• Example
q = 11
a = 5
$Y_B = 3$
$Y_A = 9$
$X_A = ?$ $K_S = ?$

For $X_A$
$Y_A = a^{X_A} \bmod q$
$9 = 5^{X_A} \bmod 11$
$X_A = 6$

For $K_S$
$K_S = (Y_B)^{X_A} \bmod q$
$= (3)^6 \bmod 11$
$= 729 \bmod 11$
$K_S = 3$
• Practice Example
q = 13
a = 7
$Y_A = 5$, $Y_B = 12$
$X_A = ?$ $K_S = ?$

For $X_A$
$Y_A = a^{X_A} \bmod q$

$X_A =$

For $K_S$
$K_S = (Y_B)^{X_A} \bmod q$
$=$
$=$
$K_S =$
• Practice Example
q = 83
a = 5, $X_A = 6$, $X_B = 10$
$Y_A = ?$, $Y_B = ?$, $K_S = ?$

For $Y_A$
$Y_A = a^{X_A} \bmod q$

$Y_A =$

For $Y_B$
$Y_B = a^{X_B} \bmod q$

$Y_B =$

For $K_S$
$K_S = (Y_B)^{X_A} \bmod q$
$=$
$K_S =$

$K_S = (Y_A)^{X_B} \bmod q$
$=$
$K_S =$
Why is Diffie-Hellman Secure?

• Opponent has q, a, $Y_A$ and $Y_B$
• To get $X_A$ or $X_B$, the opponent is forced to take a discrete
logarithm.
• The security of Diffie-Hellman key exchange lies in the
fact that, while it is relatively easy to calculate
exponentials modulo a prime, it is very difficult to
calculate discrete logarithms.
• For large primes, the latter task is considered infeasible
Alice:
• Private key $X_A$
• Public key $Y_A = a^{X_A} \bmod q$ (transmits $Y_A$)
• Secret key $K2 = (Y_{D2})^{X_A} \bmod q$

Darth:
• Private keys $X_{D1}$, $X_{D2}$
• Public keys $Y_{D1} = a^{X_{D1}} \bmod q$ and $Y_{D2} = a^{X_{D2}} \bmod q$ (transmits $Y_{D2}$ and $Y_{D1}$)
• Secret key $K2 = (Y_A)^{X_{D2}} \bmod q$
• Secret key $K1 = (Y_B)^{X_{D1}} \bmod q$

Bob:
• Private key $X_B$
• Public key $Y_B = a^{X_B} \bmod q$ (transmits $Y_B$)
• Secret key $K1 = (Y_{D1})^{X_B} \bmod q$

Alice and Darth share K2. Bob and Darth share K1.

Figure 10.2 Man-in-the-Middle Attack
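What Figure 10.2 means for the two endpoints, as an added Python example that is not from the lecture: once the public keys are substituted, Alice and Bob no longer derive the same key, and a comparison of key fingerprints exposes the mismatch. The function names, Darth's private values (7 and 13) and the assumption that the fingerprints are compared over a channel the interceptor cannot alter are all assumptions of this sketch.

```python
# Added example (not from the lecture): detecting substituted public keys
# by comparing fingerprints of the derived secrets.
import hashlib

Q, A = 97, 5  # toy global elements from the lecture's worked example


def public_key(x):
    return pow(A, x, Q)


def secret(peer_public, own_private):
    return pow(peer_public, own_private, Q)


def fingerprint(key):
    """Short digest of a derived key, to be compared out of band (assumed)."""
    return hashlib.sha256(key.to_bytes(2, "big")).hexdigest()[:16]


def run_exchange(xa, xb, darth=None):
    """Return (key at Alice, key at Bob).

    darth=(xd1, xd2) replaces the public keys in transit as in Figure 10.2:
    Alice receives Y_D2 and Bob receives Y_D1 (constructed values).
    """
    ya, yb = public_key(xa), public_key(xb)
    if darth is None:
        to_alice, to_bob = yb, ya
    else:
        xd1, xd2 = darth
        to_alice, to_bob = public_key(xd2), public_key(xd1)
    return secret(to_alice, xa), secret(to_bob, xb)


def exchange_is_consistent(alice_key, bob_key):
    """True only when both endpoints hold the same secret."""
    return fingerprint(alice_key) == fingerprint(bob_key)


if __name__ == "__main__":
    for label, darth in (("direct", None), ("intercepted", (7, 13))):
        ka, kb = run_exchange(36, 58, darth)
        print(label, ka, kb, "consistent:", exchange_is_consistent(ka, kb))
```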
