
Lecture15 (1)

The document discusses the Diffie-Hellman key exchange, a public key exchange scheme that allows two users to securely exchange a secret key for message encryption. It explains the algorithm's reliance on the difficulty of computing discrete logarithms and provides an example of the key exchange process. Additionally, it highlights vulnerabilities to man-in-the-middle attacks and suggests that these can be mitigated through digital signatures and public-key certificates.

Uploaded by

lenroydesouza

BLOCK CIPHERS AND PUBLIC KEY CRYPTOGRAPHY
Prof. Saurabh Kulkarni
Department of Artificial Intelligence & Data Science
DIFFIE HELLMAN KEY EXCHANGE
• One of the first public key exchange schemes
• A number of commercial products employ this key exchange technique
• The purpose of the algorithm is to enable two users to exchange a secret key securely that can then be used for subsequent encryption of messages
• The algorithm itself is limited to the exchange of the keys
• Depends for its effectiveness on the difficulty of computing discrete logarithms
• First, we define a primitive root of a prime number p as one whose powers generate all the integers from 1 to p - 1
• That is, if a is a primitive root of the prime number p, then the numbers $a \bmod p, a^2 \bmod p, \ldots, a^{p-1} \bmod p$ are distinct and consist of the integers from 1 through p - 1 in some permutation
• For any integer b less than p and a primitive root a of prime number p, one can find a unique exponent i such that $b = a^i \bmod p$ where $0 \le i \le (p - 1)$
• The exponent i is referred to as the discrete logarithm, or index, of b for the base a, mod p. We denote this value as $\mathrm{dlog}_{a,p}(b)$
ALGORITHM
• For this scheme, there are two publicly known numbers: a prime number q and an integer a that is a primitive root of q
• Suppose the users A and B wish to exchange a key
• User A selects a random integer $X_A < q$ and computes $Y_A = a^{X_A} \bmod q$
• Similarly, user B independently selects a random integer $X_B < q$ and computes $Y_B = a^{X_B} \bmod q$
• Each side keeps the X value private and makes the Y value available publicly to the other side
• User A computes the key as $K = (Y_B)^{X_A} \bmod q$ and user B computes the key as $K = (Y_A)^{X_B} \bmod q$
• The result is that the two sides have exchanged a secret value
• Furthermore, because $X_A$ and $X_B$ are private, an adversary only has the following ingredients to work with: q, a, $Y_A$, and $Y_B$
• Thus, the adversary is forced to take a discrete logarithm to determine the key
• For example, to determine the private key of user B, an adversary must compute $X_B = \mathrm{dlog}_{a,q}(Y_B)$
• The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms
• For large primes, the latter task is considered infeasible
EXAMPLE
• q = 353
• Primitive root of 353, in this case a = 3
• A and B select secret keys $X_A = 97$ and $X_B = 233$, respectively
• A computes $Y_A = 3^{97} \bmod 353 = 40$.
• B computes $Y_B = 3^{233} \bmod 353 = 248$.
• After they exchange public keys, each can compute the common secret key:
• A computes $K = (Y_B)^{X_A} \bmod 353 = 248^{97} \bmod 353 = 160$.
• B computes $K = (Y_A)^{X_B} \bmod 353 = 40^{233} \bmod 353 = 160$.
• In this simple example, it would be possible by brute force to determine the secret key 160
• In particular, an attacker E can determine the common key by discovering a solution to the equation $3^a \bmod 353 = 40$ or the equation $3^b \bmod 353 = 248$
• The brute force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40 or 248
• The desired answer is reached with the exponent value of 97, which provides $3^{97} \bmod 353 = 40$
• With larger numbers, the problem becomes impractical
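The exchange above, worked through in Python as an added example (not part of the original slides). It uses the slide's values q = 353, a = 3, X_A = 97, X_B = 233, checks that 3 really is a primitive root of 353, and shows why a modulus this small gives no protection; the function names are illustrative.

```python
# Added example: toy Diffie-Hellman with the slide's numbers (q = 353, a = 3).

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(a, p):
    """a generates 1..p-1 iff a^((p-1)/r) != 1 (mod p) for every prime r dividing p-1."""
    return all(pow(a, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))

def dh_public(a, q, x):
    """Public value Y = a^X mod q."""
    return pow(a, x, q)

def dh_shared(y_peer, x_own, q):
    """Shared key K = (peer's Y)^(own X) mod q."""
    return pow(y_peer, x_own, q)

def brute_force_dlog(a, q, y):
    """Smallest exponent i >= 1 with a^i mod q == y. Takes up to q-1 steps,
    which is trivial for q = 353 and hopeless for a 2048-bit prime."""
    value = 1
    for i in range(1, q):
        value = (value * a) % q
        if value == y:
            return i
    return None

Q, A = 353, 3            # public parameters from the slide
X_A, X_B = 97, 233       # private values from the slide

if __name__ == "__main__":
    y_a, y_b = dh_public(A, Q, X_A), dh_public(A, Q, X_B)
    print("3 is a primitive root of 353:", is_primitive_root(A, Q))
    print("Y_A, Y_B:", y_a, y_b)
    print("K (A's side, B's side):", dh_shared(y_b, X_A, Q), dh_shared(y_a, X_B, Q))
    # An observer who only sees q, a, Y_A and Y_B recovers X_A by exhaustive search.
    x_found = brute_force_dlog(A, Q, y_a)
    print("recovered X_A:", x_found, "-> K:", dh_shared(y_b, x_found, Q))
```
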
SCENARIO FOR DIFFIE-HELLMAN ALGORITHM
• As an example of another use of the Diffie-Hellman algorithm, suppose that in a group of users (e.g., all users on a LAN), each generates a long-lasting private key and calculates a public key
• These public values, together with global public values for q and a, are stored in some central directory
• At any time, user B can access user A’s public value, calculate a secret key, and use that to send an encrypted message to user A
• If the central directory is trusted, then this form of communication provides both confidentiality and a degree of authentication
• Because only A and B can determine the key, no other user can read the message (confidentiality)
• User A knows that only user B could have created a message using this key (authentication)
• However, the technique does not protect against replay attacks
MAN-IN-THE-MIDDLE ATTACK
• Suppose Alice and Bob wish to exchange keys, and Darth is the adversary
• The attack proceeds as follows:
1. Darth prepares for the attack by generating two random private keys $X_{D1}$ and $X_{D2}$ and then computing the corresponding public keys $Y_{D1}$ and $Y_{D2}$.
2. Alice transmits $Y_A$ to Bob.
3. Darth intercepts $Y_A$ and transmits $Y_{D1}$ to Bob. Darth also calculates $K2 = (Y_A)^{X_{D2}} \bmod q$.
4. Bob receives $Y_{D1}$ and calculates $K1 = (Y_{D1})^{X_B} \bmod q$.
5. Bob transmits $Y_B$ to Alice.
6. Darth intercepts $Y_B$ and transmits $Y_{D2}$ to Alice. Darth calculates $K1 = (Y_B)^{X_{D1}} \bmod q$.
7. Alice receives $Y_{D2}$ and calculates $K2 = (Y_{D2})^{X_A} \bmod q$.
• At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2
• All future communication between Bob and Alice is compromised in the following way:
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it, to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M’), where M’ is any message. In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob
• The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants
• This vulnerability can be overcome with the use of digital signatures and public-key certificates
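The steps above and the signature-based fix, simulated in Python as an added example (not part of the original slides). It reuses the slide's q = 353 and a = 3; Darth's private values (11 and 29) and the tiny unhashed textbook-RSA key standing in for Alice's certified signing key are constructed for illustration and are not a usable signature scheme.

```python
# Added example (not from the lecture): relay attack on toy DH, then a signed
# exchange that rejects the substituted value.
Q, A = 353, 3                        # public DH parameters from the slides

# Constructed toy textbook-RSA key standing in for Alice's certified signing
# key. Unhashed and tiny: for illustration only.
RSA_N, RSA_E = 61 * 53, 17
RSA_D = pow(RSA_E, -1, 60 * 52)      # private exponent, known only to Alice

def sign(y):
    """Alice signs her DH public value."""
    return pow(y, RSA_D, RSA_N)

def verify(y, sig):
    """Anyone holding Alice's certified (RSA_N, RSA_E) can check the signature."""
    return pow(sig, RSA_E, RSA_N) == y

def relay_attack(x_a, x_b, x_d1, x_d2):
    """Steps 1-7 of the slides; returns the key each party ends up holding."""
    y_a, y_b = pow(A, x_a, Q), pow(A, x_b, Q)
    y_d1, y_d2 = pow(A, x_d1, Q), pow(A, x_d2, Q)   # step 1
    return {
        "darth_k2": pow(y_a, x_d2, Q),   # step 3
        "bob_k1": pow(y_d1, x_b, Q),     # step 4
        "darth_k1": pow(y_b, x_d1, Q),   # step 6
        "alice_k2": pow(y_d2, x_a, Q),   # step 7
    }

def signed_exchange(x_a, x_d1):
    """Bob accepts a value only if Alice's signature over it verifies."""
    y_a, y_d1 = pow(A, x_a, Q), pow(A, x_d1, Q)
    sig = sign(y_a)                  # Alice sends (Y_A, sig)
    # Darth can swap Y_A for Y_D1 but cannot produce Alice's signature on it.
    return {"genuine": verify(y_a, sig), "substituted": verify(y_d1, sig)}

if __name__ == "__main__":
    # Without authentication each victim ends up sharing a key with Darth.
    print(relay_attack(x_a=97, x_b=233, x_d1=11, x_d2=29))
    # With a signature over Y_A, the substituted value fails Bob's check.
    print(signed_exchange(x_a=97, x_d1=11))
```
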
