Cryptography and Network Security


Diffie-Hellman
Dr. Abdellatif Elkouny
Cryptographic Algorithms

Diffie-Hellman Key Exchange

• a public-key distribution scheme
• cannot be used to exchange an arbitrary message
• rather it can establish a common key
• known only to the two participants
• value of key depends on the participants (and their private and public key information)
• based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
• security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard

Diffie-Hellman Setup

• all users agree on global parameters:
• large prime integer or polynomial $q$
• $a$ being a primitive root mod $q$
• each user (e.g. A) generates their key
• chooses a secret key (number): $x_A < q$
• compute their public key: $y_A = a^{x_A} \bmod q$
• each user makes public that key $y_A$


Diffie-Hellman Key Exchange

• shared session key for users A & B is $K_{AB}$:

$$
\begin{aligned}
K_{AB} &= a^{x_A \cdot x_B} \bmod q \\
       &= y_A^{x_B} \bmod q \quad \text{(which B can compute)} \\
       &= y_B^{x_A} \bmod q \quad \text{(which A can compute)}
\end{aligned}
$$

• $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
• attacker needs an $x$, must solve discrete log

Diffie-Hellman Example

• users Alice & Bob who wish to swap keys:
• agree on prime $q = 353$ and $a = 3$
• select random secret keys:
• A chooses $x_A = 97$, B chooses $x_B = 233$
• compute respective public keys:
• $y_A = 3^{97} \bmod 353 = 40$ (Alice)
• $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• compute shared session key as:
• $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
• $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)

Key Exchange Protocols

• users could create random private/public D-H keys each time they communicate
• users could create a known private/public D-H key and publish it in a directory, which others then consult and use to securely communicate with them
• both of these are vulnerable to a man-in-the-middle attack
• authentication of the keys is needed

Man-in-the-Middle Attack

1. Darth prepares by creating two private / public keys
2. Alice transmits her public key to Bob
3. Darth intercepts this and transmits his first public key to Bob. Darth also calculates a shared key with Alice
4. Bob receives the public key and calculates the shared key (with Darth instead of Alice)
5. Bob transmits his public key to Alice
6. Darth intercepts this and transmits his second public key to Alice. Darth calculates a shared key with Bob
7. Alice receives the key and calculates the shared key (with Darth instead of Bob)

• Darth can then intercept, decrypt, re-encrypt, forward all messages between Alice & Bob

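The substitution in steps 1-7 seen from the defender's side, as an added example that is not part of the original slides: it uses the slides' q = 353, a = 3 and secret keys, with constructed values for Darth's two key pairs, and returns the mismatched session keys that result. The `tag` and `verify` helpers are one assumed way to authenticate the public keys (an HMAC under a pre-shared long-term key); signatures or certificates serve the same purpose.

```python
import hashlib
import hmac

Q, A = 353, 3  # global parameters from the slides (toy size, illustration only)

def public_key(x):
    """y = a^x mod q"""
    return pow(A, x, Q)

def shared_key(y_peer, x_own):
    """K = y_peer^x_own mod q"""
    return pow(y_peer, x_own, Q)

def tag(auth_key, sender, y):
    """MAC binding a public key to its sender (auth_key: assumed pre-shared long-term key)."""
    return hmac.new(auth_key, f"{sender}|{y}".encode(), hashlib.sha256).digest()

def verify(auth_key, sender, y, received_tag):
    """True only if the received public key carries a valid tag for that sender."""
    return hmac.compare_digest(received_tag, tag(auth_key, sender, y))

def substituted_run(xa, xb, xd1, xd2):
    """Keys held after steps 1-7 of the slide when public keys are not authenticated."""
    ya, yb = public_key(xa), public_key(xb)
    yd1, yd2 = public_key(xd1), public_key(xd2)
    return {
        "alice": shared_key(yd2, xa),        # Alice was handed yd2 in place of yb
        "bob": shared_key(yd1, xb),          # Bob was handed yd1 in place of ya
        "darth_alice": shared_key(ya, xd2),  # equals Alice's key
        "darth_bob": shared_key(yb, xd1),    # equals Bob's key
    }

if __name__ == "__main__":
    xa, xb = 97, 233                  # secret keys from the slides
    xd1, xd2 = 2, 3                   # constructed values for Darth's two key pairs
    print("honest:", shared_key(public_key(xb), xa), shared_key(public_key(xa), xb))
    print("substituted:", substituted_run(xa, xb, xd1, xd2))
    key = b"constructed-long-term-key"  # constructed sample key
    ya = public_key(xa)
    good = tag(key, "Alice", ya)
    print("genuine key accepted:", verify(key, "Alice", ya, good))
    print("substituted key accepted:", verify(key, "Alice", public_key(xd1), good))
```

Alice and Bob finish the unauthenticated run holding different keys, each one matching a key Darth holds; with the tag check in place, Bob rejects the substituted public key before any session key is derived.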
Pseudorandom Number Generation (PRNG) based on Asymmetric Ciphers

• asymmetric encryption algorithms produce apparently random output
• hence can be used to build a pseudorandom number generator (PRNG)
• much slower than symmetric algorithms
• hence only used to generate a short pseudorandom bit sequence (e.g. key)


Summary

• have considered:
• Diffie-Hellman key exchange
• Pseudorandom Number Generation (PRNG) based on Asymmetric Ciphers (RSA)
