Foundations of Computer SecurityLecture 52: Diffie-Hellman Key ExchangeDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 52: 1 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeThe question of key exchange was one of the first problemsaddressed by a cryptographic protocol. This was prior to theinvention of public key cryptography.The Diffie-Hellman key agreement protocol (1976) was the firstpractical method for establishing a shared secret over an unsecuredcommunication channel.The point is to agree on a key that two parties can use for asymmetric encryption, in such a way that an eavesdropper cannotobtain the key.Lecture 52: 2 Diffie-Hellman Key ExchangeDiffie-Hellman Algorithm(knows p, g, A)Alice(knows p, g, B)Bob(g mod p)A(g mod p)BSteps in the algorithm:1Alice and Bob agree on a prime number p and a base g.2Alice chooses a secret number a, and sends Bob (gamod p).3Bob chooses a secret number b, and sends Alice (gbmod p).4Alice computes ((gbmod p)amod p).5Bob computes ((gamod p)bmod p).Both Alice and Bob can use this number as their key. Notice thatp and g need not be protected.Lecture 52: 3 Diffie-Hellman Key ExchangeDiffie-Hellman Example1Alice and Bob agree on p = 23 and g = 5.2Alice chooses a = 6 and sends 56mod 23 = 8.3Bob chooses b = 15 and sends 515mod 23 = 19.4Alice computes 196mod 23 = 2.5Bob computes 815mod 23 = 2.Then 2 is the shared secret.Clearly, much larger values of a, b, and p are required. Aneavesdropper cannot discover this value even if she knows p and gand can obtain each of the messages.Lecture 52: 4 Diffie-Hellman Key ExchangeDiffie-Hellman SecuritySuppose p is a prime of around 300 digits, and a and b at least100 digits each.Discovering the shared secret given g, p, gamod p and gbmod p would take longer than the lifetime of the universe, usingthe best known algorithm. This is called the discrete logarithmproblem.Lecture 52: 5 Diffie-Hellman Key ExchangeLessonsHow can two parties agree on a secret value when all of theirmessages might be overheard by an eavesdropper?The Diffie-Hellman algorithm accomplishes this, and is stillwidely used.With sufficiently large inputs, Diffie-Hellman is very secure.Next lecture: Digital SignaturesLecture 52: 6 Diffie-Hellman Key
View Full Document