DH key exchange and ECDH principle (RPM)


Time: 2013-06-24 18:50:55, CSDN blog. Original: http://blog.csdn.net/sudochen/article/details/9164427

Let's take Alice and Bob as an example to describe the principle of Diffie-Hellman key exchange.

1. All participants in the Diffie-Hellman exchange agree on a group, defined by a large prime number p and a base (generator) g.

2. Diffie-Hellman key exchange is a two-party process; Alice and Bob each need a private number, a and b respectively.

The following is a process diagram for the DH exchange:

[Figure: DH exchange process diagram; the image is from a wiki and is not reproduced here]

Let's work through an example:

1. Alice and Bob agree to use p=23 and g=5.

2. Alice chooses a secret integer a=6, calculates A = g^a mod p and sends it to Bob.
A = 5^6 mod 23 = 8.

3. Bob chooses a secret integer b=15, calculates B = g^b mod p and sends it to Alice.
B = 5^15 mod 23 = 19.

4. Alice calculates s = B^a mod p
19^6 mod 23 = 2.

5. Bob calculates s = A^b mod p
8^15 mod 23 = 2.
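As an added worked example (not code from the original post), the five steps above in Python, using the post's values p=23, g=5, a=6, b=15. The range check on the received public value (rejecting 0, 1 and p-1, which would force a trivial shared secret) is a standard defensive check that the post does not mention; the function names are my own.

```python
# Textbook Diffie-Hellman with the post's toy parameters (p=23, g=5).
# These values are far too small for real use; they only illustrate the math.

def dh_public(g: int, p: int, private: int) -> int:
    """Compute the public value g^private mod p."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Derive the shared secret peer_public^private mod p.

    Defensive check (not in the original post): a peer value of 0, 1 or p-1
    would force the shared secret into {0, 1, p-1} regardless of 'private',
    so such values are rejected before exponentiation.
    """
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range [2, p-2]")
    return pow(peer_public, private, p)


def run_example(p: int = 23, g: int = 5, a: int = 6, b: int = 15):
    """Run the exchange from the post and return (A, B, s_alice, s_bob)."""
    A = dh_public(g, p, a)          # Alice -> Bob, sent in the clear
    B = dh_public(g, p, b)          # Bob -> Alice, sent in the clear
    s_alice = dh_shared(B, a, p)    # Alice: B^a mod p
    s_bob = dh_shared(A, b, p)      # Bob:   A^b mod p
    assert s_alice == s_bob, "both sides must agree on the secret"
    return A, B, s_alice, s_bob


if __name__ == "__main__":
    A, B, s_alice, s_bob = run_example()
    print(f"A = {A}, B = {B}, shared secret = {s_alice}")  # A = 8, B = 19, shared secret = 2
```

Only A and B ever cross the wire; an observer who sees p, g, A and B still has to solve a discrete logarithm to recover a or b, which is what makes the scheme work when p is large.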

ECDH key exchange:

When the ECC algorithm is combined with DH for key negotiation, the resulting key exchange algorithm is called ECDH. The two parties can negotiate a key without sharing any secret beforehand. ECC is a cryptosystem based on the elliptic curve discrete logarithm problem: given a point P on an elliptic curve and an integer k, it is easy to compute Q = kP; but given points P and Q with Q = kP, finding the integer k is a hard problem. ECDH is built on this mathematical hardness. The key negotiation process is as follows:

Assume the two parties are Alice and Bob, who share the curve parameters (elliptic curve E, order n, base point G).

1) Alice generates a random integer a and calculates A = a*G. # generate Alice's public key

2) Bob generates a random integer b and calculates B = b*G. # generate Bob's public key

3) Alice sends A to Bob. A can be transmitted in the open, that is, an attacker can obtain A.

Because the elliptic curve discrete logarithm problem is hard, an attacker cannot compute a from A and G.

4) Bob sends B to Alice. Likewise, B can be transmitted in the open.

5) Bob receives the A that Alice sent and calculates Q = b*A. # Bob obtains the symmetric key Q from his own private key and Alice's public key

6) Alice receives the B that Bob sent and calculates Q' = a*B. # Alice obtains the symmetric key Q' from her own private key and Bob's public key

Alice and Bob both obtain Q = b*A = b*(a*G) = (b*a)*G = (a*b)*G = a*(b*G) = a*B = Q' (by the commutative and associative laws of scalar multiplication), so both parties end up with the same key Q.
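As an added example (not code from the original post), steps 1) to 6) above carried out over a small toy curve in Python: y^2 = x^3 + 2x + 2 over GF(17) with base point G = (5, 1) of order n = 19. This curve is a constructed textbook example, not a real-world curve, and all function names are my own. Beyond what the post describes, the code checks that a received public point lies on the curve and in the order-n subgroup before using it; that is a standard defensive check against invalid-curve inputs and is not part of the post.

```python
# Toy short-Weierstrass curve y^2 = x^3 + A*x + B over GF(P); constructed for
# illustration only (real deployments use standardized curves such as P-256).
P = 17
A = 2
B = 2
G = (5, 1)   # base point
N = 19       # order of G: N*G is the point at infinity (represented as None)


def is_on_curve(pt) -> bool:
    """True if pt is the point at infinity or satisfies the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Group law on the curve; None is the identity (point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2 (also covers doubling when y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt):
    """Compute k*pt by double-and-add (the 'easy direction' of the ECDLP)."""
    result = None
    addend = pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdh_shared_secret(private_scalar: int, peer_public):
    """Derive private_scalar * peer_public after validating the peer's point.

    The validation (on-curve and in the order-N subgroup) is a defensive
    addition not described in the post.
    """
    if peer_public is None or not is_on_curve(peer_public):
        raise ValueError("peer public point is not on the curve")
    if scalar_mult(N, peer_public) is not None:
        raise ValueError("peer public point is not in the order-N subgroup")
    return scalar_mult(private_scalar, peer_public)


def run_ecdh(a: int, b: int):
    """Steps 1)-6): return (A, B, Q, Q') for private scalars a and b."""
    A_pub = scalar_mult(a, G)                 # 1) Alice's public key A = a*G
    B_pub = scalar_mult(b, G)                 # 2) Bob's public key   B = b*G
    Q = ecdh_shared_secret(b, A_pub)          # 5) Bob:   Q  = b*A
    Q_prime = ecdh_shared_secret(a, B_pub)    # 6) Alice: Q' = a*B
    return A_pub, B_pub, Q, Q_prime


if __name__ == "__main__":
    A_pub, B_pub, Q, Q_prime = run_ecdh(7, 11)
    print("A =", A_pub, "B =", B_pub, "Q =", Q, "Q' =", Q_prime)
```

With a = 7 and b = 11 both sides compute (7*11)*G = 77*G, and since 77 mod 19 = 1 the shared point is simply G itself; any other pair of scalars works the same way, which is the commutativity argument from the post made concrete.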

Currently, the ECC cipher suites supported in OpenSSL are ECDSA/ECDH. In the Chinese national-cipher (guomi) SSL suites, two suites can be used: ECDSA/ECC (key encryption transfer) and ECDSA/ECDH (key negotiation).
