Diffie-Hellman key exchange is a method that allows two parties to securely share a secret key over a public channel. This shared secret key can be used for encrypted communication using Symmetric Cryptography.

Discrete Logarithm Problem (DLP)

According to the trapdoor property, it is computationally infeasible to compute the discrete logarithm equation below, where , and are given, is a primitive root of , and is extremely large (greater than 2048 bits to represent ).

Key exchange process

The key exchange leverages the finite fields and primitive roots (generator) mathematical concepts.

  1. Public parameters
    • Two numbers are agreed upon by both, which is known in the public:
      • A large prime number (a prime number is the one only divisible by 1 or itself)
      • A large prime root (generator)
  2. Private key selection
    • Alice choose a private key , where
    • Bob choose a private key , where
  3. Public key computation
    • Alice computes her public key as:
    • Bob computes his public key as:
  4. Public key exchange
    • Alice sends her public key to Bob
    • Bob sends his public key to Alice
  5. Shared secret key computation
    • Alice computes the shared secret key:
    • Bob computes the shared secret key:

Both parties end up with the same secret value , which they can use as a shared key for symmetric encryption.

Security

  • Discrete Logarithm Problem: The security of the Diffie-Hellman key exchange relies on the difficulty of the discrete logarithm problem. Given , , and , it is computationally infeasible to determine aaa if is a large enough prime and is a suitable primitive root.
  • Eavesdroppers: An eavesdropper who intercepts , , A, and B cannot determine the shared secret without solving the discrete logarithm problem, which is considered computationally hard.

Man-in-the-middle attack

The key exchange protocol is vulnerable to man-in-the-middle attack because it does not authenticate the participants. The solution to such vulnerability is to use Digital Signature and public-key certificate.


Back to parent page: Symmetric Cryptography

Cyber_Security Network_Security INFO2222 Key_Exchange DiffieHellman_Key_Exchange Symmetric_Cryptography CSEC3616 DLP