[ale] OT: Diffie-Hellman key exchange for dummies?
JK
jknapka at kneuro.net
Mon Aug 6 12:29:09 EDT 2007
This excerpt from the Wiki page captures the essence:
<quote>
1. Alice and Bob agree to use a prime number p=23 and base g=5.
2. Alice chooses a secret integer a=6, then sends Bob (g^a mod p)
* 56 mod 23 = 8.
3. Bob chooses a secret integer b=15, then sends Alice (g^b mod p)
* 515 mod 23 = 19.
4. Alice computes (g^b mod p)^a mod p
* 196 mod 23 = 2.
5. Bob computes (g^a mod p)^b mod p
* 815 mod 23 = 2.
Both Alice and Bob have arrived at the same value, because g^ab
and g^ba are equal.
</quote>
In this case, the agreed-upon key value is g^ab=2 (the "same value"
mentioned above). In other words, the basic principle is:
(1) Pick a number, a.
(2) Perform some mathematical operation F on a, and call the
result r. (The mathematical properties of F are important!)
(3) Send r to the other party.
(4) The other party has chosen a number b, computed F(b),
and sent you the result (call it s).
(5) Now, both you and the other party have r and s, which are
numbers "built from" a and b using F. You have a, she has b.
You can use some "reversibility" property of the operation
F to arrive at a common value known only to you and the
other party. Anyone can see the values r and s go across
the wire, but without the a or b values, which are secret,
they cannot use the knowledge of r and s to figure out the
common value (the key). The key (pardon the pun) to the whole
mechanism is choosing a function F that is easy to compute,
but whose inverse is hard to compute unless you know one of
the secret values. (This is kind of a magic trick: finding
good functions of this nature is not a trivial task.)
In the Wikipedia example, the function F is exponentiation mod p=23
using base g=5:
F(x) = (5^x)%23
Bob has a, g, g^b mod p (received from Alice), and p; a is secret.
Alice has b, g, g^a mod p (received from Bob), and p; b is secret.
Since in general:
(g^x mod p)^y mod p == (g^y mod p)^x mod p == g^xy mod p
therefore Bob and Alice can each compute g^ab mod p using only
the numbers the know -- that is, they don't need to know the
other party's secret value (a or b, respectively). So g^ab mod p
becomes the shared key.
A third party watching this exchange *cannot* compute the shared
key, because even though they know all of g, p, r=g^a mod p, and
s=g^b mod p, they do not know either a or b, and computing
g^ab mod p using only r and s is a difficult problem. (Actually
for tiny primes it can easily be brute-forced, but in real life DH
is done with, like, 1000-digit primes.)
-- JK
Jay Loden wrote:
> This is somewhat off topic for a Linux enthusiast group, but this a group of smart folks with lots of knowledge, so I figured it might be a good place to ask anyway:
>
> I've heard the term "Diffie-Hellman Key Exchange" used before, and in basic terms I know that it's a secure way of agreeing on a secret key. However, when I tried to read a couple of articles to understand how it works under the hood, I found myself out of my depth. I have programming experience, but I'm not formally trained, and I never went beyond Algebra 2. Even though I was able to implement a simplistic version of the exchange by following the Linux Journal article below I don't really understand why it works on a mathematical level.
>
> Anyone who likes a challenge feel like trying to explain in laymen's terms to a mathematically challenged individual? :-)
>
> References:
> http://en.wikipedia.org/wiki/Diffie-Hellman
> http://www.rsa.com/rsalabs/node.asp?id=2248
> http://www.linuxjournal.com/article/6131
> http://en.wikipedia.org/wiki/Discrete_logarithm
>
> -Jay
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
--
"What can be asserted without evidence can also be
dismissed without evidence." -- Christopher Hitchens
More information about the Ale
mailing list