
Lecture 7b: The Diffie-Hellman Secret Sharing Scheme

Lecture 7b: The Diffie-Hellman Secret Sharing Scheme. Wayne Patterson SYCS 653 Fall 2009. The Diffie-Hellman Key Exchange.



  1. Lecture 7b: The Diffie-Hellman Secret Sharing Scheme Wayne Patterson SYCS 653 Fall 2009

  2. The Diffie-Hellman Key Exchange • Early in the development of the public key paradigm, a method to exchange secret or symmetric keys was devised by Whitfield Diffie and Martin Hellman, which is still in widespread use today.

  3. The Diffie-Hellman Key Exchange • As with the RSA, this involves the difficulty of factoring large integers, or, what turns out to be equivalent, solving the so-called “discrete logarithm” problem.

  4. Diffie-Hellman • Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) (see Stamp, p. 70) • A “key exchange” algorithm • Used to establish a shared symmetric key • Not for encrypting or signing • Security rests on difficulty of discrete log problem: given g, p, and $g^k \bmod p$, find k

  5. The Diffie-Hellman Key Exchange • First, a little more on prime numbers • For every prime number p, and every number a mod p, we know by the Little Fermat Theorem that $a^{p-1} = 1 \pmod{p}$. • Any g for which all of the powers $g, g^2, \ldots, g^{p-1}$ are distinct mod p is called a primitive root of p, or a generator.

  6. How to Find a Primitive Root • Not easy, but not impossible. • Mathematica has it built-in. • Once you find one, easy to find many • If g is a primitive root of p, then if GCD(m, p-1) = 1 for m < (p-1), then $g^m$ is also a primitive root of p.

  7. Diffie-Hellman • Let p be prime, let g be a generator • For any $x \in \{1, 2, \ldots, p-1\}$ there is n s.t. $x = g^n \bmod p$ • Alice selects secret value a • Bob selects secret value b • Alice sends $g^a \bmod p$ to Bob • Bob sends $g^b \bmod p$ to Alice • Both compute shared secret $g^{ab} \bmod p$ • Shared secret can be used as symmetric key

  8. Diffie-Hellman • Suppose that Bob and Alice use $g^{ab} \bmod p$ as a symmetric key • Trudy can see $g^a \bmod p$ and $g^b \bmod p$ • Note $g^a g^b \bmod p = g^{a+b} \bmod p \ne g^{ab} \bmod p$ • If Trudy can find a or b, system is broken • If Trudy can solve discrete log problem, then she can find a or b

  9. Diffie-Hellman • Public: g and p • Secret: Alice’s exponent a, Bob’s exponent b • Alice (a) → Bob (b): $g^a \bmod p$ • Bob (b) → Alice (a): $g^b \bmod p$ • Alice computes $(g^b)^a = g^{ba} = g^{ab} \bmod p$ • Bob computes $(g^a)^b = g^{ab} \bmod p$ • Could use $K = g^{ab} \bmod p$ as symmetric key

  10. Diffie-Hellman • Subject to man-in-the-middle (MiM) attack • Alice (a) → Trudy (t): $g^a \bmod p$ • Trudy → Bob (b): $g^t \bmod p$ • Bob → Trudy: $g^b \bmod p$ • Trudy → Alice: $g^t \bmod p$ • Trudy shares secret $g^{at} \bmod p$ with Alice • Trudy shares secret $g^{bt} \bmod p$ with Bob • Alice and Bob don’t know Trudy exists!

  11. Diffie-Hellman • How to prevent MiM attack? • Encrypt DH exchange with symmetric key • Encrypt DH exchange with public key • Sign DH values with private key • Other? • You MUST be aware of MiM attack on Diffie-Hellman
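
Slides 5 to 11 worked through with numbers, as an added example that is not part of the original lecture: the primitive-root test, the exchange, the keys each party ends up with when both public values are replaced in transit, and a receiver-side check that rejects a replaced value. The parameters p = 23, g = 5 and the exponents are constructed toy values, and the HMAC under a pre-shared key is an assumed stand-in for the authentication options listed on slide 11, which the slides do not specify further.

```python
import hashlib
import hmac
from math import gcd

P, G = 23, 5  # toy public parameters, constructed; real DH uses primes of 2048 bits or more


def is_primitive_root(g, p):
    """Slide 5: g is a primitive root if g, g^2, ..., g^(p-1) are all distinct mod p."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1


def more_roots(g, p):
    """Slide 6: g^m is also a primitive root whenever GCD(m, p-1) = 1."""
    return [pow(g, m, p) for m in range(1, p - 1) if gcd(m, p - 1) == 1]


def run_exchange(a, b, t=None):
    """Return (Alice's key, Bob's key, Trudy's keys); t=None means nobody is in the middle."""
    A, B = pow(G, a, P), pow(G, b, P)          # g^a mod p, g^b mod p
    if t is None:
        return pow(B, a, P), pow(A, b, P), None
    T = pow(G, t, P)                           # both parties receive g^t mod p instead
    return pow(T, a, P), pow(T, b, P), (pow(A, t, P), pow(B, t, P))


def tag(psk, sender, value):
    """MAC binding a DH value to its sender under a pre-shared key (assumed to exist)."""
    return hmac.new(psk, f"{sender}:{value}".encode(), hashlib.sha256).digest()


def accept(psk, sender, value, mac):
    """Receiver's check: reject any DH value whose tag does not verify."""
    return hmac.compare_digest(tag(psk, sender, value), mac)


if __name__ == "__main__":
    a, b, t = 6, 15, 13                        # constructed secret exponents
    print("5 is a primitive root of 23:", is_primitive_root(G, P))
    print("no one in the middle:", run_exchange(a, b))
    print("value substituted   :", run_exchange(a, b, t))
    psk = b"constructed pre-shared key"
    A, T = pow(G, a, P), pow(G, t, P)
    mac = tag(psk, "alice", A)
    print("Bob accepts g^a:", accept(psk, "alice", A, mac))
    print("Bob accepts g^t:", accept(psk, "alice", T, mac))
```

With a value substituted, Alice and Bob hold different keys and each key is also known to the party in the middle; the tag check fails on the substituted value because it was never tagged under the pre-shared key.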
