Diffie-hellman Key Exchange

The purpose of this algorithm is to enable two users to securely exchange the key to encrypt the message in the post-order communication, the algorithm itself is limited to the key exchange.

the validity of the Diffie-hellman algorithm is based on the difficulty of computing the discrete logarithm.

Algorithm Description:

1. Select two public integers: Some primitive root α of prime Q and Q .

2, user a Select a random integer xa < q Ya =αxa mod q b Span style= "font-family: the song Body;" > Select the random number x b < q Yb =αxb mod q a and b All to its x y

3. User A calculates ka = (YB) XA mod q, user B calculates kb = (YA) XB mod q. Since Ka = KB, user a and B have completed their key exchange with each other.

　　　　Proof: KA = (YB) XA mod q

= (ΑXB mod q) XA mod q

= (ΑXB) XA mod q

= (αxa) XB mod q

= (αxa mod q) XB mod q

= (YA) XB mod q

= KB

Security:

Since XA and xb are private, attackers can only attack by means of Q,α,Y, and YB, so the discrete logarithm must be obtained to determine the key. That

XB = Dlogα,q (YB)

However, it is very difficult to calculate discrete logarithm, and it is not feasible to find discrete logarithm for large primes. Therefore, the security of the key is ensured.

However, such an agreement does not resist man-in-the- middle attacks .

The attack process is as follows:

1, attacker D randomly generates a private key XD1,xd2, and calculates the public key of the response Yd1,yd2

2,a to communicate with b , to pass YA to b, but by D intercepted and modified to YD1 passed to B.

3 b received the y D1, the y B to a d intercepted, and modified to y D2 to

In fact, in the communication between a and B ,D plays the role of the middleman, actually a and D Communications,D and B Communications, the vulnerability is because the protocol does not certify the parties to the communication. These defects can be overcome by digital signatures and public key certificates.

Diffie-hellman Key Exchange