
09.3 Basic Key Exchange Annotated Diffie Hellman

This document provides an overview of the Diffie-Hellman key exchange protocol. It explains that the protocol allows two parties to securely establish a shared secret key over an insecure channel without using a trusted third party. The document outlines the basic steps of the protocol where Alice and Bob choose random private values, compute public values, and derive the same shared secret key. It also discusses the security of the Diffie-Hellman problem and transitioning to elliptic curve cryptography to provide stronger security with smaller key sizes.

Online Cryptography Course
Dan Boneh

Basic key exchange

The Diffie-Hellman protocol

Key exchange without an online TTP?


Goal: Alice and Bob want shared secret, unknown to eavesdropper
For now: security against eavesdropping only (no tampering)

[Figure: Alice, Bob, eavesdropper ??]

Can this be done with an exponential gap?

The Diffie-Hellman protocol (informally)

Fix a large prime p (e.g. 600 digits)
Fix an integer g in {1, …, p}

Alice: choose random a in {1,…,p-1}
Bob: choose random b in {1,…,p-1}

Alice sends $A = g^a \pmod p$; Bob sends $B = g^b \pmod p$

$B^a \pmod p = (g^b)^a = k_{AB} = g^{ab} \pmod p = (g^a)^b = A^b \pmod p$

Security (much more on this later)


Eavesdropper sees: p, g, $A = g^a \pmod p$, and $B = g^b \pmod p$

Can she compute $g^{ab} \pmod p$ ??

More generally: define $\mathrm{DH}_g(g^a, g^b) = g^{ab} \pmod p$

How hard is the DH function mod p?

How hard is the DH function mod p?

Suppose prime p is n bits long.
Best known algorithm (GNFS): run time exp( )

cipher key size    modulus size    Elliptic Curve size
80 bits            1024 bits       160 bits
128 bits           3072 bits       256 bits
256 bits (AES)     15360 bits      512 bits

As a result: slow transition away from (mod p) to elliptic curves

Elliptic curve Diffie-Hellman

Insecure against man-in-the-middle


As described, the protocol is insecure against active attacks

[Figure: Alice, MiTM, Bob]

Another look at DH

[Figure: Facebook lists $g^a$, $g^b$, $g^c$, $g^d$ for Alice, Bob, Charlie, David; $K_{AC} = g^{ac}$]
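
An added example, not from the original slides: the two-party exchange generalized to the setting of "Another look at DH", where four users each post $g^x$ once and every pair derives its key with no further interaction. The toy prime, g = 3, the SHA-256 step and all function names are assumptions made for this example.

```python
import hashlib
import secrets
from itertools import combinations

# Toy group (assumption, constructed for this example): the Mersenne prime
# 2**127 - 1 with g = 3. It is far below the 1024 to 15360 bit moduli the
# slides list and p - 1 has many small factors; it only shows the algebra.
P = 2**127 - 1
G = 3

def public_value(a):
    """A = g^a (mod p), the value a user posts."""
    return pow(G, a, P)

def keygen():
    """Pick a random secret in {2, ..., p-2}; return (secret, public)."""
    a = secrets.randbelow(P - 3) + 2
    return a, public_value(a)

def check_public(y):
    """Reject out-of-range or degenerate values (0, 1, p-1) before use."""
    if not isinstance(y, int) or not 2 <= y <= P - 2:
        raise ValueError("invalid DH public value")
    return y

def shared_key(my_secret, their_public):
    """k = their_public^my_secret (mod p), hashed to a 256-bit key.
    Hashing k is an added step; the slides use g^ab itself as k_AB."""
    k = pow(check_public(their_public), my_secret, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()

def all_pair_keys(secrets_by_user, board):
    """Compute each pair's key from both sides; raise if the views differ."""
    keys = {}
    for x, y in combinations(sorted(board), 2):
        kx = shared_key(secrets_by_user[x], board[y])   # X reads Y's post
        ky = shared_key(secrets_by_user[y], board[x])   # Y reads X's post
        if kx != ky:
            raise RuntimeError(f"{x} and {y} derived different keys")
        keys[(x, y)] = kx
    return keys

if __name__ == "__main__":
    users = ["Alice", "Bob", "Charlie", "David"]
    generated = {u: keygen() for u in users}
    secrets_by_user = {u: s for u, (s, _) in generated.items()}
    board = {u: pub for u, (_, pub) in generated.items()}  # public values only
    keys = all_pair_keys(secrets_by_user, board)
    print(len(keys), "pairwise keys; K_AC =", keys[("Alice", "Charlie")].hex())
```

The range check only filters degenerate values; the board itself still has to be authentic, because the protocol as described is insecure against active attacks.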

An open problem

[Figure: Facebook lists $g^a$, $g^b$, $g^c$, $g^d$ for Alice, Bob, Charlie, David; $K_{ABCD}$ shown for each of the four]

End of Segment
