DH key exchange and ECDH principle
Time: 2013-06-24 18:50:55
Original: http://blog.csdn.net/sudochen/article/details/9164427
Let's take Alice and Bob as an example to describe the principle of Diffie-Hellman key exchange.
1. All participants in a Diffie-Hellman exchange agree on a group, defined by a large prime p and a base (generator) g.
2. Diffie-Hellman key exchange is a two-party process; Alice and Bob each need a private number, a and b respectively.
The following is a process diagram for the DH exchange (image from a wiki, not reproduced here):
Let's take an example:
1. Alice and Bob agree to use p=23 and g=5.
2. Alice chooses a secret integer a=6, calculates A = g^a mod p and sends it to Bob.
A = 5^6 mod 23 = 8.
3. Bob chooses a secret integer b=15, calculates B = g^b mod p and sends it to Alice.
B = 5^15 mod 23 = 19.
4. Alice calculates s = B^a mod p:
19^6 mod 23 = 2.
5. Bob calculates s = A^b mod p:
8^15 mod 23 = 2.
ECDH key exchange:
Combining ECC with DH for key negotiation gives the key exchange algorithm called ECDH. The two parties can negotiate a shared key without sharing any secret in advance. ECC is a cryptosystem based on the elliptic curve discrete logarithm problem: given a point P on an elliptic curve and an integer k, it is easy to compute Q = kP; given points P and Q with Q = kP, finding the integer k is a hard problem. ECDH is built on this hardness assumption. Key negotiation process:
Assume the parties to the key exchange are Alice and Bob, who share the curve parameters (elliptic curve E, order n, base point G).
1) Alice generates a random integer a and calculates A = a*G. # generate Alice's public key
2) Bob generates a random integer b and calculates B = b*G. # generate Bob's public key
3) Alice passes A to Bob. A can be sent in the clear, that is, an attacker may obtain A.
Because the elliptic curve discrete logarithm problem is hard, an attacker cannot compute a from A and G.
4) Bob passes B to Alice. Similarly, B can be sent in the clear.
5) Bob receives the A that Alice sent and calculates Q = b*A. # Bob derives the symmetric key Q from his own private key and Alice's public key
6) Alice receives the B that Bob sent and calculates Q' = a*B. # Alice derives the symmetric key Q' from her own private key and Bob's public key
Alice and Bob both obtain Q = b*A = b*(a*G) = (b*a)*G = (a*b)*G = a*(b*G) = a*B = Q' (commutative and associative laws), that is, both parties arrive at the same key Q.
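Both exchanges above, run end to end in Python as an added example that is not code from the original post: classic DH with the page's numbers (p=23, g=5, a=6, b=15) and ECDH with the steps 1) to 6) just listed. The curve y^2 = x^3 + 2x + 2 over GF(17) with base point G=(5,1) of order 19 is a constructed toy curve used only so the arithmetic is small enough to follow, and the private scalars a=3, b=7 are assumed.

```python
# Classic DH and ECDH in the page's notation. Toy parameters, for illustration only.

def dh_shared_secret(p, g, a, b):
    """Classic DH: A = g^a and B = g^b are public; both sides derive g^(ab) mod p."""
    A = pow(g, a, p)          # Alice sends A
    B = pow(g, b, p)          # Bob sends B
    s_alice = pow(B, a, p)    # Alice: B^a mod p
    s_bob = pow(A, b, p)      # Bob:   A^b mod p
    assert s_alice == s_bob
    return A, B, s_alice

# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17); base point G = (5, 1) has order 19.
P_MOD, CURVE_A = 17, 2
G = (5, 1)
INF = None  # point at infinity, the group identity

def ec_add(P, Q):
    """Affine point addition, covering the identity, inverse and doubling cases."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P + (-P) = O
    if P == Q:                                       # tangent slope for doubling
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:                                            # chord slope
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def ec_mul(k, P):
    """Double-and-add scalar multiplication k*P (the 'easy' direction of the ECDLP)."""
    R = INF
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def ecdh_shared_secret(a, b):
    """ECDH: A = a*G and B = b*G travel in the clear; both sides reach (a*b)*G."""
    A, B = ec_mul(a, G), ec_mul(b, G)
    Q_bob, Q_alice = ec_mul(b, A), ec_mul(a, B)      # b*A == a*B
    assert Q_bob == Q_alice
    return A, B, Q_bob
```

Calling `dh_shared_secret(23, 5, 6, 15)` returns the page's values (8, 19, 2); `ecdh_shared_secret(3, 7)` yields the shared point 21*G, which on this order-19 curve equals 2*G.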
Currently, the ECC cipher suite supported in OpenSSL is ECDSA/ECDH. In the Chinese national cryptography (GM) SSL suite, two sets can be used: ECDSA/ECC (key encryption transport) and ECDSA/ECDH (key negotiation).