cryptography - "Diffie-Hellman Key Exchange" in plain English - Information Security Stack Exchange
Diffie-Hellman Key Exchange in plain English
Can someone explain to me what Diffie-Hellman Key Exchange is in plain English? I have read in a non-tech news page that Twitter has just implemented this technology which allows two persons to exchange encrypted messages on top of a non-secured channel. How is that (if this is true)?
cryptography
Elias Zamaria 107
asked Nov 24 '13 at 1:10
user15119
11 Wikipedia has a pictorial explanation. - Ramchandra Apte Nov 24 '13 at 15:17
2 YouTube has a (nice and easy) video explanation :) - TheRookierLearner Nov 26 '13 at 4:35
This has already been answered in significant detail on this site somewhere. I'll look for a link... - KnightOfNi Jun 9 '14 at 15:40
6 Answers
Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.

This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible. This is where perfect forward secrecy comes from. Nobody analyzing the traffic at a later date can break in because the key was never saved, never transmitted, and never made visible anywhere.

The way it works is reasonably simple. A lot of the math is the same as you see in public key crypto in that a trapdoor function is used. And while the discrete logarithm problem is traditionally used (the x^y mod p business), the general process can be modified to use elliptic curve cryptography as well.

But even though it uses the same underlying principles as public key cryptography, this is not asymmetric cryptography because nothing is ever encrypted or decrypted during the exchange. It is, however, an essential building block, and was in fact the base upon which asymmetric crypto was later built.

The basic idea works like this:
1. I come up with two prime numbers g and p and tell you what they are.
2. You then pick a secret number (a), but you don't tell anyone. Instead you compute g^a mod p and send that result back to me. (We'll call that A since it came from a).
3. I do the same thing, but we'll call my secret number b and the computed number B. So I compute g^b mod p and send you the result (called "B")
4. Now, you take the number I sent you and do the exact same operation with it. So that's B^a mod p.
5. I do the same operation with the result you sent me, so: A^b mod p.

The "magic" here is that the answer I get at step 5 is the same number you got at step 4. Now it's not really magic, it's just math, and it comes down to a fancy property of modulo exponents.
Specifically:

(g^a mod p)^b mod p = g^(ab) mod p
(g^b mod p)^a mod p = g^(ba) mod p

Which, if you examine closer, means that you'll get the same answer no matter which order you do the exponentiation in. So I do it in one order, and you do it in the other. I never know what secret number you used to get to the result and you never know what number I used, but we still arrive at the same result.

That result, that number we both stumbled upon in step 4 and 5, is our shared secret key. We can use that as our password for AES or Blowfish, or any other algorithm that uses shared secrets. And we can be certain that nobody else, nobody but us, knows that key that we created together.

edited Nov 25 '13 at 17:23
answered Nov 24 '13 at 7:28
tylerl 58.2k 19 109 186

6 DH is public key/asymmetric crypto but not encryption. - CodesInChaos Nov 24 '13 at 12:15
8 I think it's worth mentioning that the reason this is secure is that, unlike normal log(x), the modular log(x) is thought to be hard to compute. Otherwise we could just do log_g(A) and log_g(B) to get a and b. - BlueRaja - Danny Pflughoeft Nov 24 '13 at 19:25
7 I think you might also want to add that g is not just any prime but a generator (or a primitive root) of p - TheRookierLearner Nov 26 '13 at 4:40
8 @TheRookierLearner this answer is a simplified explanation of DH; there are quite a few important details omitted for simplicity. This shouldn't be considered an implementation tutorial. - tylerl Nov 26 '13 at 5:57
But assuming this is an insecure network, can't I just find the root of 'A' and therefore 'a'. And voila! Sorry for my amateur question but I have to learn :p - Mero55 May 25 at 12:41

The other answers do an excellent job explaining the maths behind the key exchange. If you'd like a more pictorial representation, nothing beats the excellent paint analogy shown on the Diffie-Hellman key exchange Wikipedia entry:
Image is in the public domain

answered Jun 9 '14 at 14:30
Duncan 681

This image is great at explaining what it does. My only problem was "If the attacker knows the common paint and he knows the end mixtures, why can't he figure out the original color?". The answer is of course that it's not the color he needs to know, but the actual original mixture, and as you mentioned, the mixture separation is expensive. The actual mathematics that allows for this would be great to know in brief detail as well. - ffledgling Jul 29 at 13:49

Diffie-Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES.

The algorithm in itself is very simple. Let's assume that Alice wants to establish a shared secret with Bob.
1. Alice and Bob agree on a prime number, p, and a base, g, in advance. For our example, let's assume that p=23 and g=5.
2. Alice chooses a secret integer a whose value is 6 and computes A = g^a mod p. In this example, A has the value of 8.
3. Bob chooses a secret integer b whose value is 15 and computes B = g^b mod p. In this example, B has the value of 19.
4. Alice sends A to Bob and Bob sends B to Alice.
5. To obtain the shared secret, Alice computes s = B^a mod p. In this example, Alice obtains the value of s=2.
6. To obtain the shared secret, Bob computes s = A^b mod p. In this example, Bob obtains the value of s=2.

The algorithm is secure because the values of a and b, which are required to derive s, are not transmitted across the wire at all.

answered Nov 24 '13 at 2:35
Terry Chia 31.7k 10 82 155

5 It's nice, but you could've also quoted that it's from Wikipedia. - Waffle's Crazy Peanut May 4 '15 at 2:50
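
The exchange from the two step-by-step answers above, run with the second answer's numbers (an added example, not part of the original posts). It also checks the generator condition raised in the comments and shows that a group this small falls to exhaustive search, which is why real deployments use primes of 2048 bits or more; the function names and the SHA-256 key derivation are assumptions made for illustration.

```python
# Added example: toy Diffie-Hellman with the page's numbers (p=23, g=5).
import hashlib

def is_primitive_root(g, p):
    """True if the powers of g hit every value 1..p-1 modulo the prime p."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1

def public_value(g, secret, p):
    """The value sent in the clear: g^secret mod p."""
    return pow(g, secret, p)

def shared_secret(peer_public, secret, p):
    """peer_public^secret mod p, identical on both sides."""
    return pow(peer_public, secret, p)

def derive_key(secret, p):
    """Hash the shared number into a 256-bit symmetric key (assumed KDF choice)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

def brute_force_log(g, target, p):
    """Find x with g^x mod p == target by trying every exponent.
    Feasible only because p is tiny; the work grows with the size of p."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = (value * g) % p
    return None

def demo():
    p, g = 23, 5            # public parameters from the answer
    a, b = 6, 15            # Alice's and Bob's private numbers
    A = public_value(g, a, p)
    B = public_value(g, b, p)
    s_alice = shared_secret(B, a, p)
    s_bob = shared_secret(A, b, p)
    return {"A": A, "B": B, "s_alice": s_alice, "s_bob": s_bob,
            "generator_ok": is_primitive_root(g, p),
            "recovered_a": brute_force_log(g, A, p),
            "key": derive_key(s_alice, p).hex()}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```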

If you want a simpler plain English explanation of DH that can be readily understood by even non-technical people, there is the double locked box analogy.
1. Alice puts a secret in a box and locks it with a padlock that she has the only key to open. She then ships the box to Bob.
2. Bob receives the box, puts a second padlock that only he has the key to on it, and ships it back to Alice.
3. Alice removes her lock and ships the box to Bob a second time.
4. Bob removes his lock, opens the box, and has access to the secret that Alice sent him.

Since the box has always had at least one lock on while in transit, Eve never has the opportunity to see what's inside and steal the secret: In this case a cryptographic key that will be used for encrypting the remainder of Alice and Bob's communications.

answered Nov 24 '13 at 15:41
Dan Neely 892 14

1 Now this is what I call a plain English explanation. love you man. - user15119 Nov 24 '13 at 16:31
25 While plain English, this doesn't describe Diffie-Hellman. It describes the Three-pass protocol which has significantly different properties from DH. For example it requires three passes, whereas DH only requires a single pass. - CodesInChaos Nov 24 '13 at 18:21

The key exchange problem
A secure connection requires the exchange of keys. But the keys themselves would need to be transferred on a secure connection.
There are two possible solutions:
1. Exchange the key by physically meeting and sharing the keys.
2. Somehow establish a shared secret on a public unsecure channel. This is easier said than done, and the first such implementation of this is the Diffie-Hellman Scheme.

Properties
Diffie-Hellman makes use of a mathematical function with the following properties:
1. It is EASY to compute f[x] (from x)
2. It is HARD to invert f[x] to get x
3. It is EASY to calculate S from A and f[B]
4. It is EASY to calculate S from B and f[A]
5. It is HARD to calculate S without either A or B (even with f[A] and f[B])

How DH scheme works
1. Alice comes out with a random number A. She computes f[A], and sends f[A] to Bob. Alice never discloses her A, not even to Bob.
2. Bob comes out with another random number B. He computes f[B], and sends f[B] to Alice. Bob never discloses his B, not even to Alice.
3. Alice computes S using A and f[B]. Bob computes S using B and f[A].
4. Mallory, who is eavesdropping, has only f[A] and f[B], and so it is HARD for her to calculate S.
5. Alice and Bob now share a common secret which can be used as (or to come up with) a key to establish a secure connection.

Side note:
The Diffie-Hellman Scheme does not provide authentication of any kind. It only allows 2 anonymous parties to share a common secret. But for all Alice knows, she could be shaking hands with the devil (instead of Bob). This is why we need at least one party to be authenticated.

For example: SSL (https), the webserver is authenticated using PKI (Public Key Infrastructure), and then a secure connection is established (DH) between the website and the client. Since the website has been authenticated, the client can trust the website, but the website cannot trust the client. It is now safe for the client to provide his own authentication details on the webpage.

edited Mar 13 at 5:10
answered Dec 15 '15 at 23:54
aiao 144
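
The side note's point, as an added example (not part of the original answer): plain DH accepts whatever value arrives, while a check on the server's value rejects one replaced in transit. A pre-shared HMAC key stands in here for the certificate signature used in SSL; the function names, the key and the substituted value 10 are constructed for illustration.

```python
# Added example: authenticating the server's DH value (toy group from the page).
import hashlib
import hmac

P, G = 23, 5  # toy parameters from the page; far too small for real use

def mac_public(auth_key, sender, public):
    """Tag binding a DH public value to the party that sent it."""
    message = f"{sender}:{public}".encode()
    return hmac.new(auth_key, message, hashlib.sha256).digest()

def client_unauthenticated(client_priv, value_on_wire):
    """Plain DH: the client uses whatever value arrives."""
    return pow(value_on_wire, client_priv, P)

def client_authenticated(client_priv, value_on_wire, tag, auth_key):
    """Return the shared secret, or None if the value is not the server's."""
    expected = mac_public(auth_key, "server", value_on_wire)
    if not hmac.compare_digest(expected, tag):
        return None
    return pow(value_on_wire, client_priv, P)

def run(server_priv=15, client_priv=6, substituted=None):
    """One exchange; `substituted` models a value replaced in transit."""
    auth_key = b"constructed-long-term-key"  # hypothetical pre-shared key
    server_pub = pow(G, server_priv, P)
    tag = mac_public(auth_key, "server", server_pub)
    client_pub = pow(G, client_priv, P)
    on_wire = server_pub if substituted is None else substituted
    return {
        # what the real server derives from the client's value
        "server_secret": pow(client_pub, server_priv, P),
        # plain DH silently ends up with a secret the server does not share
        "plain_client_secret": client_unauthenticated(client_priv, on_wire),
        # the authenticated client refuses a value that fails the check
        "checked_client_secret": client_authenticated(
            client_priv, on_wire, tag, auth_key),
    }

if __name__ == "__main__":
    print("untouched:  ", run())
    print("substituted:", run(substituted=10))
```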

Diffie-Hellman is a mathematical algorithm to exchange a shared secret between two parties. This shared secret can be used to encrypt messages between these two parties. Note that Diffie-Hellman does not provide authentication between these two parties.

answered Nov 24 '13 at 1:20
Lucas Kauffman 43.1k 85 157

It lacks explanation, I wish you could explain a little bit more... - user15119 Nov 24 '13 at 2:11
4 You wanted an English explanation without math. - Lucas Kauffman Nov 24 '13 at 8:56
In the case of an HTTPS connection, authentication is handled by the SSL certificate framework. You can be certain (as you can be) that you are communicating with the intended parties through verification and trust. The handshake/negotiation of an SSL connection is expensive in terms of overhead. The DH algorithm allows both parties to securely negotiate a symmetric key for encryption/decryption which is much more efficient. - k1DBLITZ Nov 25 '14 at 15:53

http://security.stackexchange.com/questions/45963/diffiehellmankeyexchangeinplainenglish (8/21/2016)