This preview shows page 1. Sign up to view the full content.
Unformatted text preview: able of Contents Next
 Chapter 22 KeyExchange Algorithms
22.1 DiffieHellman
DiffieHellman was the first publickey algorithm ever invented, way back in 1976 [496]. It gets its security from the difficulty of calculating discrete logarithms in a finite field, as compared with the ease of calculating exponentiation in the same field. DiffieHellman can be used for key distribution—Alice and Bob can use this algorithm to generate a secret key—but it cannot be used to encrypt and decrypt messages. The math is simple. First, Alice and Bob agree on a large prime, n and g, such that g is primitive mod n. These two integers don’t have to be secret; Alice and Bob can agree to them over some insecure channel. They can even be common among a group of users. It doesn’t matter. Then, the protocol goes as follows: (1) Alice chooses a random large integer x and sends Bob X = gx mod n (2) Bob chooses a random large integer y and sends Alice Y = gy mod n (3) Alice computes k = Yx mod n (4) Bob computes k´ = Xy mod n Both k and k´ are equal to gxy mod n. No one listening on the channel can compute that value; they only know n, g, X, and Y. Unless they can compute the discrete logarithm and recover x or y, they do not solve the problem. So, k is the secret key that both Alice and Bob computed independently. The choice of g and n can have a substantial impact on the security of this system. The number (n  1)/2 should also be a prime [1253]. And most important, n should be large: The security of the system is based on the difficulty of factoring numbers the same size as n. You can choose any g, such that g is primitive mod n; there’s no reason not to choose the smallest g you can—generally a onedigit number. (And actually, g does not have to be primitive; it just has to generate a large subgroup of the multiplicitive group mod n.) DiffieHellman with Three or More Parties
The DiffieHellman keyexchange protocol can easily be extended to work with three or more people. In this example, Alice, Bob, and Carol together generate...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details