Diffie-hellman Key Negotiation algorithm

Source: Internet
Author: User
Tags: modulus

I. Overview

The Diffie-Hellman key negotiation algorithm mainly solves the problem of key distribution; it is not itself used for encryption. The algorithm rests on a corresponding mathematical theory: a problem that is simple to construct but complicated to compute is used, so that it cannot be solved quickly and effectively in practice (it is computationally infeasible).

Understanding the principle of Diffie-Hellman key negotiation is not difficult; a little number theory is enough. It mainly uses simple modular arithmetic, primitive roots, Fermat's theorem, the discrete logarithm and other basic number-theory knowledge. The earlier article on basic number theory for modern cryptography has already given the necessary summary of these topics.

II. Where it comes from

The DH key negotiation algorithm was co-authored by Whitfield Diffie and Martin Hellman in 1976 in New Directions in Cryptography (Section III, Public Key Cryptography), where it is presented as a public key distribution system. The narrative of the original text is relatively simple, but the principle of the algorithm and its feasibility are basically expounded.

The paper actually put forward some ideas that were very innovative at the time. It focuses on two topics:

(1) How to perform secure key distribution over a public network channel.

(2) Authentication (which can be subdivided into message authentication and user authentication).

To solve the first problem, two approaches are proposed: public key cryptosystems and public key distribution systems. For public key cryptography, the original text only outlines a relatively abstract conceptual model of a public key cryptosystem, emphasizing the use of different keys for encryption and decryption, and summarizes some properties such a system should satisfy; this amounts to a thought experiment and does not give a concrete algorithm or a path to one, but it was evidently enough to attract attention at the time. The RSA trio (Ron Rivest, Adi Shamir and Leonard Adleman) were inspired by it and, after many rounds of failed attempts, proposed the following year in the paper A Method for Obtaining Digital Signatures and Public-Key Cryptosystems a practical and very concrete public key encryption algorithm, the RSA algorithm. For the key distribution system, the paper presents the DH key negotiation algorithm.

To solve the second problem, the original text uses one-way functions, i.e. the problem of one-way authentication. In addition, the authors discuss the relationships between these cryptographic problems and how each can be transformed into another. For example, a secure cipher system (one that can protect against plaintext attacks) can be used to generate a one-way function, a public key cryptosystem can be used for one-way authentication, and a trapdoor cipher system can be used to build a public key encryption system. The computational complexity of mathematical problems is used as an effective tool to guarantee cryptographic security, an idea that runs through many algorithms of modern cryptography.

III. Algorithm flow and principle

Following convention, the DH algorithm flow is described with Alice and Bob in the roles of the two communicating parties on the network.

Suppose Alice needs to negotiate a secret key with Bob (the secret key is essentially a bit sequence, i.e. a large number from a computational point of view).

1) First Alice and Bob share a prime $p$ and a primitive root $g$ (generator) of the prime $p$; of course $2\leqslant g\leqslant p-1$. These two numbers can be sent unencrypted by one party to the other; who sends them is not important, as long as both sides end up knowing $p$ and $g$.

2) Then Alice generates a private random number $a$ satisfying $1\leqslant a\leqslant p-1$, calculates $g^{a} \bmod p = y_{a}$ and sends the result $y_{a}$ to Bob over the public network; Bob likewise generates a private random number $b$ satisfying $1\leqslant b\leqslant p-1$, calculates $g^{b} \bmod p = y_{b}$, and sends the result $y_{b}$ to Alice over the public network.

3) At this point the information Alice knows is $p,g,a,y_{a}$; the number $a$ is Alice's private value, which only she knows and nobody else can know, while the other three values may be known to others. Bob knows $p,g,b,y_{b}$, where the number $b$ is Bob's private value, which only he knows and nobody else can know, while the other values may be known to others.

At this point the exchange of messages between Alice and Bob is complete.

Alice calculates $k_{a}=(y_{b})^{a} \bmod p$ to get the secret key $k_{a}$; in the same way, Bob calculates $k_{b}=(y_{a})^{b} \bmod p$ to get the secret key $k_{b}$. It can be proved that $k_{a}=k_{b}$ must hold, so the two sides end up with the same secret key, achieving the purpose of secret key negotiation.

Proof:

For Alice:

$k_{a}=(y_{b})^{a} \bmod p = (g^{b} \bmod p)^{a} \bmod p = g^{b\times a} \bmod p$

For Bob:

$k_{b}=(y_{a})^{b} \bmod p = (g^{a} \bmod p)^{b} \bmod p = g^{a\times b} \bmod p$

As can be seen, Alice and Bob generate the secret key through the same computation, so $k_{a}=k_{b}$ must hold. This "same operation process" is the essential reason the two sides arrive at a common key; elliptic-curve key negotiation works on the same principle.

More precisely, $a$ and $b$ should not be chosen as $p-1$; that is, they can only be chosen from the set $\left\{1,\ldots,p-2\right\}$. This is because if $p-1$ is chosen, then by Fermat's theorem the situation degenerates into $g^{p-1}\equiv 1 \pmod p$, which threatens the confidentiality of the secret key negotiation.

In summary, the whole process looks like this:

So, can the eavesdropper Eve recover the secret key? First we need to know what information Eve can hear: obviously Eve can only eavesdrop on $p,g,y_{a},y_{b}$. The question now is whether Eve can calculate $k_{a}$ or $k_{b}$ from this information. To calculate $k_{a}$ or $k_{b}$ she needs to know $a$ or $b$.

Take calculating $a$ as an example: can Eve compute $a$ from the relation $g^{a} \bmod p = y_{a}$? In fact, when $p$ is a large prime this is quite difficult; this is the discrete logarithm problem. When the paper was published, the time complexity of the most effective algorithm for this problem was about $O(\sqrt{p})$. It is the difficulty of solving this problem that guarantees the security of the DH algorithm. If an algorithm with logarithmic time complexity could be found, the algorithm would be easily broken.

IV. A worked example

1) Suppose Alice and Bob share $p=17$ and $g=3$; obviously $g=3$ is a primitive root of $p=17$ (in fact $3,5,6,7,10,11,12,14$ are all the primitive roots of 17).

2) Then Alice selects a private number, say $a=15$, calculates $y_{a}=3^{15} \bmod 17 = 14348907 \bmod 17 = 6$ and sends 6 to Bob; Bob also selects a private number, say $b=13$, calculates $y_{b}=3^{13} \bmod 17 = 1594323 \bmod 17 = 12$ and sends 12 to Alice.

3) Alice calculates the secret key $k_{a}=12^{15} \bmod 17 = 2147483647 \bmod 17 = 8$; Bob calculates the key $k_{b}=6^{13} \bmod 17 = 2147483647 \bmod 17 = 8$. After the negotiation, 8 becomes the key agreed between the two sides.

In fact, when the exponent and modulus have many bits, there is a fast algorithm for computing the modular power called the "iterative squaring algorithm" (square-and-multiply); its implementation is relatively simple, and Chapter 31 of Introduction to Algorithms gives a corresponding explanation.
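As an added example (not code from the original article), the following Python runs the Section III flow on the Section IV parameters, with the private exponents drawn from $\left\{1,\ldots,p-2\right\}$ as required above, and implements the square-and-multiply modular exponentiation that the text refers to Chapter 31 of Introduction to Algorithms for. The function names and the primitive-root check are this example's own. Running it on $p=17$, $g=3$, $a=15$, $b=13$ reproduces $y_{a}=6$ and $y_{b}=12$, but gives $k_{a}=k_{b}=10$: the intermediate value 2147483647 quoted above is the 32-bit signed integer maximum, so the 8 in the text comes from an overflowed calculation rather than from $12^{15} \bmod 17$.

```python
# Added example, not part of the original article: textbook DH on p = 17, g = 3.
from random import SystemRandom


def mod_pow(base, exp, mod):
    """Right-to-left square-and-multiply: base^exp mod mod without ever
    forming the full power (the text's 'iterative squaring algorithm')."""
    if mod == 1:
        return 0
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:                      # low bit set: fold in base^(2^i)
            result = (result * base) % mod
        base = (base * base) % mod       # now holds base^(2^(i+1))
        exp >>= 1
    return result


def is_primitive_root(g, p):
    """g is a primitive root of the prime p iff g^k mod p for k = 1..p-1
    produces every nonzero residue (brute force, fine for a toy p)."""
    return sorted(mod_pow(g, k, p) for k in range(1, p)) == list(range(1, p))


def primitive_roots(p):
    return [g for g in range(2, p) if is_primitive_root(g, p)]


def choose_secret(p, rng=SystemRandom()):
    """Private exponent from {1, ..., p-2}: p-1 is excluded because
    g^(p-1) is congruent to 1 mod p by Fermat's theorem."""
    return rng.randint(1, p - 2)


def dh_public(p, g, secret):
    return mod_pow(g, secret, p)          # y = g^secret mod p, sent in the clear


def dh_shared(p, peer_public, secret):
    return mod_pow(peer_public, secret, p)  # k = (peer's y)^secret mod p


def run_textbook_instance():
    """Section IV parameters; returns (y_a, y_b, k_a, k_b)."""
    p, g, a, b = 17, 3, 15, 13
    y_a = dh_public(p, g, a)
    y_b = dh_public(p, g, b)
    k_a = dh_shared(p, y_b, a)
    k_b = dh_shared(p, y_a, b)
    return y_a, y_b, k_a, k_b


def run_random_instance(p, g):
    """Same flow with freshly chosen secrets; returns True iff both sides agree."""
    a, b = choose_secret(p), choose_secret(p)
    return dh_shared(p, dh_public(p, g, b), a) == dh_shared(p, dh_public(p, g, a), b)


if __name__ == "__main__":
    print("primitive roots of 17:", primitive_roots(17))
    print("y_a, y_b, k_a, k_b =", run_textbook_instance())
    print("random run agrees:", run_random_instance(17, 3))
```

`mod_pow` is written out only to show the squaring loop; in real code Python's built-in `pow(base, exp, mod)` does the same thing, and for anything beyond a toy modulus a vetted cryptographic library should generate the parameters and perform the exchange.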

V. Existing problems

Is the DH secret key negotiation algorithm safe? It cannot be said to be, because there is a type of spoofing attack (the man-in-the-middle attack) that threatens this secret-key negotiation algorithm.

Suppose that during the key negotiation there is an active attacker Mallory between Alice and Bob who is able to intercept Alice's and Bob's messages and forge false ones. Consider the following scenario.

1) Alice and Bob have shared a prime $p$ and a primitive root $g$ of $p$; of course Mallory, listening to the messages, also learns these two values.

2) Alice then calculates $y_{a}=g^{a} \bmod p$, but while $y_{a}$ is being sent to Bob it is intercepted by Mallory. Mallory selects his own random number $s$, calculates $y_{sb}=g^{s} \bmod p$, and sends $y_{sb}$ to Bob.

3) At the same time Bob calculates $y_{b}=g^{b} \bmod p$, but while $y_{b}$ is being sent to Alice it is intercepted by Mallory. Mallory selects another random number $t$, calculates $y_{ta}=g^{t} \bmod p$, and sends $y_{ta}$ to Alice.

Because the messages have been replaced, the secret key Alice calculates is actually the key negotiated between Alice and Mallory, $k_{am}=g^{a \times t} \bmod p$, and the secret key Bob calculates is actually the key negotiated between Bob and Mallory, $k_{bm}=g^{b \times s} \bmod p$. If Alice and Bob then encrypt any information with their computed secret keys, Mallory can intercept and decrypt the plaintext, and can completely disguise himself as Alice or Bob.
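The scenario above, simulated on the same toy parameters as an added example (not code from the original article): Mallory's exponents $s$ and $t$ and the function names are constructed for this simulation. The point to observe is that Alice and Bob each end up sharing a key with Mallory, and in general not with each other, yet nothing in the unauthenticated exchange tells them so; the standard mitigation is to authenticate the exchanged values $y_{a}$ and $y_{b}$ (for example by signing them), which is the authentication problem Section II discusses.

```python
# Added example, not part of the original article: the Section V
# man-in-the-middle scenario on p = 17, g = 3 (constructed toy values).
P, G = 17, 3


def public(secret):
    return pow(G, secret, P)            # y = g^secret mod p


def shared(peer_public, secret):
    return pow(peer_public, secret, P)  # k = y^secret mod p


def run_mitm(a, b, s, t):
    """Return (k_a, k_b, k_am, k_bm): the keys Alice and Bob compute from the
    substituted messages, and the two keys Mallory derives for each of them."""
    y_a, y_b = public(a), public(b)     # what Alice and Bob actually send
    y_sb, y_ta = public(s), public(t)   # what Mallory delivers instead
    k_a = shared(y_ta, a)               # Alice: (g^t)^a = g^{a*t}
    k_b = shared(y_sb, b)               # Bob:   (g^s)^b = g^{b*s}
    k_am = shared(y_a, t)               # Mallory's key toward Alice: (g^a)^t
    k_bm = shared(y_b, s)               # Mallory's key toward Bob:   (g^b)^s
    return k_a, k_b, k_am, k_bm


def mallory_holds_both_keys(a, b, s, t):
    """True when each honest party's key is known to Mallory, i.e. the
    substitution went unnoticed because y_a and y_b were not authenticated."""
    k_a, k_b, k_am, k_bm = run_mitm(a, b, s, t)
    return k_a == k_am and k_b == k_bm


def honest_parties_agree(a, b, s, t):
    """True only if Alice and Bob happen to end up with the same key; with a
    man in the middle this is coincidence (1/(p-1) chance), not agreement."""
    k_a, k_b, _, _ = run_mitm(a, b, s, t)
    return k_a == k_b


if __name__ == "__main__":
    # Section IV secrets for Alice and Bob, constructed exponents for Mallory.
    print(run_mitm(15, 13, 5, 7))
    print("Mallory holds both keys:", mallory_holds_both_keys(15, 13, 5, 7))
    print("Alice and Bob agree:", honest_parties_agree(15, 13, 5, 7))
```

With the values in the block, Alice computes $11^{15} \bmod 17 = 14$ and Bob computes $5^{13} \bmod 17 = 3$; Mallory's two keys are exactly those two numbers, and the honest parties do not share a key at all.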

VI. References

1. New Directions in Cryptography

2. Cryptography and Network Security: Principles and Practice

3. Illustrated Cryptography Techniques
