Unformatted text preview: prove to Bob that Alice knows K. The Kerberos protocol timestamp exchange accomplishes the same thing. EKE can be implemented with a variety of publickey algorithms: RSA, ElGamal, DiffieHellman. There are security problems with implementing EKE with a knapsack algorithm (aside from the inherent insecurity of knapsack algorithms): The normal distribution of the ciphertext messages negates the benefits of EKE. Implementing EKE with RSA
The RSA algorithm seems perfect for this application, but there are some subtle problems. The authors recommend encrypting only the encryption exponent in step (1) and sending the modulus in the clear. An explanation of the reasoning behind this recommendation, as well as other subtleties involved in using RSA, is in [109]. Implementing EKE with ElGamal
Implementing EKE with the ElGamal algorithm is straightforward, and there is even a simplification of the basic protocol. Using the notation from Section 19.6, g and p are parts of the public key and are common to all users. The private key is a random number r. The public key is gr mod p. The message Alice sends to Bob in step (1) becomes Alice, gr mod p Note that this public key does not have to be encrypted with P. This is not true in general, but it is true for the ElGamal algorithm. Details are in [109]. Bob chooses a random number, R (for the ElGamal algorithm and independent of any random numbers chosen for EKE), and the message he sends to Alice in step (2) becomes EP(gR mod p, KgRr mod p) Refer back to Section 19.6 for restrictions on choosing the variables for ElGamal. Implementing EKE with DiffieHellman
With the DiffieHellman protocol, K is generated automatically. The final protocol is even simpler. A value for g and n is set for all users on the network. (1) Alice picks a random number, rA, and sends Bob A, grA mod n With DiffieHellman, Alice does not have to encrypt her first message with P. (2) Bob picks a random number, rB, and calculates K = grA*rB mod n He generates a random string RB, then calculate...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details