Diffie-Hellman Key Exchange

Color Mixing Example

 The Problem of Key Exchange

• One of the main problems of symmetric key

encryption is it requires a secure & reliable
channel for the shared key exchange.

• The Diffie-Hellman Key Exchange protocol

offers a way in which a public channel can
be used to create a confidential shared key.
 Modular what?

• In practice the shared encryption key relies

on such complex concepts as Modular
Exponentiation, Primitive Roots and
Discrete Logarithm Problems.

• Let’s see, we can explain the Diffie-

Hellman algorithm with no complex
mathematics.
 A Difficult One-Way Problem

• The first thing we require is a simple real-

world operation that is easy to Do but hard
to Undo.
• You can ring a bell but not unring one.
• Toothpaste is easy to squeeze out of a tube but
famously hard to put back in.

• In our example we will use Mixing Colors.

• Easy to mix 2 colors, hard to unmix
 Alice & Bob with Eve listening
wish to make a secret shared color
Step 1 - Both publicly agree to a
shared color
Step 2 - Each picks a secret color
Step 3 - Each adds their secret
color to the shared color
Step 4 - Each sends the other
their new mixed color
Each combines the shared color from
the other with their own secret color
 Alice & Bob have agreed to a
shared color unknown to Eve
• How is it that Alice & Bob’s final mixtures
are identical?

• Alice mixed
• [(Yellow + Teal) from Bob] + Orange

• Bob mixed
• [(Yellow + Orange) from Alice] + Teal
 Alice & Bob have agreed to a
shared color unknown to Eve
• How is it that Alice & Bob’s final mixture
is secret?

• Eve never has knowledge of the secret

colors of either Alice or Bob

• Unmixing a color into its component colors

is a hard problem
Diffie-Hellman Key Exchange
Adding Mathematics
Diffie-Hellman Key Exchange:

• It is a protocol that enables two users to

establish a secret key using a public-key
scheme based on discrete logarithms. The
protocol is secure only if the authenticity of
the two participants can be established.
 Primitive Root
• A primitive root of a prime number p as one
whose powers modulo generate all the
integers from 1 to p-1. That is, if a is a
primitive root of the prime number p, then
the numbers

• are distinct and consist of the integers from

1 through p - 1 in some permutation.
 Diffie-Hellman Key Exchange
Algorithm:
• For this scheme, there are two publicly
known numbers: a prime number q and an
integer α that is a primitive root of q.
• Suppose the users A and B wish to
exchange a key K. User A selects a random
integer XA < q and computes YA. Similarly,
user B independently selects a random
integer XB < q and computes YB.
• Each side keeps the X value private and
makes the Y value available publicly to the
other side.
Algorithm
 Step 1 –Publicly shared
information
• Alice & Bob publicly agree to a large prime
number called the modulus, or q.
• Alice & Bob publicly agree to a number
called the generator, or α, which has a
primitive root relationship with q.
• In our example we’ll assume
• q = 17
• α=3
• Eve is aware of the values of q or α.
 Step 2 – Select a secret key

• Alice selects a secret key, which we will

call Xa.
• Bob selects a secret key, which we will
call Xb.
• For our example assume:
• Xa = 54
• Xb = 24
• Eve is unaware of the values of Xa or Xb.
 Step 3 – Combine secret keys
with public information
• Alice combines her secret key of Xa with
the public information to compute Ya.
• Ya = α Xa mod q
• Ya = 354 mod 17
• Ya = 15
Step 3 – Combine secret key with
public information
• Bob combines his secret key of Xb with the
public information to compute Yb.
• Yb = α Xb mod q
• Yb = 354 mod 17
• Yb = 16
 Step 4 – Share combined values

• Alice shares her combined value, Ya, with

Bob. Bob shares his combined value, Yb,
with Alice.
• Sent to Bob
• Ya = 15
• Sent to Alice
• Yb = 16
• Eve is privy to this exchange and knows the
values of Ya and Yb.
 Step 5 – Compute Shared Key
• Alice computes the shared key.
• K = (Yb)Xa mod q
• K = (16)54 mod 17
• K=1
• Bob computes the shared key.
• K = (Ya)Xb mod q
• K = (15)24 mod 17
• K=1
 Alice & Bob have a shared
encryption key, unknown to Eve
• Alice & Bob have created a shared secret
key, K, unknown to Eve
• In our example K=1
• The shared secret key can now be used to
encrypt & decrypt messages by both parties.
Key Exchange Protocol Scenario using Diffie-Hellman

:
Man-in-the-Middle Attack:
The protocol depicted in in the previous figure is insecure against a
man-in-the-middle attack. Suppose Alice and Bob wish to exchange
keys, and Darth is the adversary. The attack proceeds as follows.

At this point, Bob and Alice think that they share a secret key, but
instead Bob and Darth share secret key K1 and Alice and Darth share
secret key K2. All future communication between Bob and Alice is
compromised in the following way.
The key exchange protocol is vulnerable to such an attack
because it does not authenticate the participants.
This vulnerability can be overcome with the use of digital
signatures and public- key certificates.