DH key exchange and ECDH principle (RPM)

DH key exchange and ECDH principleTime 2013-06-24 18:50:55 csdn Blogsimilar articles ( 0) original http://blog.csdn.net/sudochen/article/details/9164427

let's take Alice and Bob as an example to describe the principle of Diffie-hellman key exchange.

all participants involved in the 1,diffie-hellman Exchange process define a group in which a large prime number p, base g, is defined.

2,diffie-hellman Key Exchange is a two-part process, both Alice and Bob need a private number, a, B.

The following is a process diagram for the DH interchange:

This image is from a wiki

Let's take an example below

1. Alice and Bob agreed to use p=23 and g=5.

2. Alice chooses a secret integer a=6, calculates a = g^a mod p and sends it to Bob.
A = 5^6 MoD 23 = 8.

3. Bob chooses a secret integer b=15, calculates b = g^b mod p and sends it to Alice.
B = 5^15 MoD 23 = 19.

4. Alice calculates s = B a mod p
19^6 mod 23 = 2.

5. Bob calculates s = A b mod p
8^15 mod 23 = 2.

ECDH key exchange:

ECDH:

ECC algorithms are used in conjunction with DH for key negotiation, a key exchange algorithm called ECDH. The exchange parties can negotiate a key without sharing any secrets. ECC is a cryptosystem based on elliptic curve discrete logarithm problem, given an elliptic curve of a point P, an integer k, it is easy to solve Q=KP; Given a point p, Q, know Q=KP, it is a difficult problem to find an integer k. ECDH is built on this mathematical conundrum. Key negotiation process:

assume that the key exchange is Alice, Bob, which has shared curve parameters (elliptic curve E, order n, Base point g).

1) Alice generates a random integer, A, calculates a=a*g. #生成Alice公钥

2) Bob generates a random integer b, calculating b=b*g. #生产Bob公钥

3) Alice passes A to Bob. A's delivery can be made public, that is, an attacker can obtain a.

because the discrete logarithm problem of elliptic curves is difficult, an attacker can not calculate a by a or G.

4) Bob passes B to Alice. Similarly, the delivery of B can be made public.

5) Bob receives the A that Alice passed, calculates the Q =b*a #Bob通过自己的私钥和Alice的公钥得到对称密钥Q

6) Alice receives Bob's pass B, calculates Q ' =a*b #Alice通过自己的私钥和Bob的公钥得到对称密钥Q '

Alice and Bob both get q=b*a=b* (a*g) = (b*a) *g= (a*b) *g=a* (b*g) =a*b=q ' (Commutative law and binding law), that is, both parties receive a consistent key Q.

Currently, the ECC algorithm suite support is ECDSA/ECDH in OpenSSL. In the country secret SSL suite, you can use ECDSA/ECC (key encryption transfer), ECDSA/ECDH (key negotiation) two sets of

DH key exchange and ECDH principle (RPM)