Diffie-Hellman (DH) Key

Exchange Protocol:

The Diffie-Hellman (DH) key exchange protocol is a cryptographic algorithm

that enables two parties to establish a shared secret over an insecure
communication channel. This shared secret can be used for symmetric
encryption of the communications between these parties. DH is based on the
properties of modular arithmetic and the discrete logarithm problem (DLP).
This makes it computationally infeasible for an attacker to calculate the shared
secret.

Objective
The objective of this section is to:

1. Gain a deep understanding of the discrete logarithm problem (DLP) and its
role in the security of the DH protocol.

2. Understand the mathematical principles behind the DH key exchange.

3. Analyze the strengths and weaknesses of the DH protocol, particularly its

computational and power consumption requirements.

4. Explore the relevance of DH in modern cryptographic applications,

especially in resource-constrained environments like IoT.

1.1.1 Discrete Logarithm Problem (DLP)

The security of the DH protocol relies on the discrete logarithm problem (DLP),
which is defined as follows:

Let pbe a prime number, and g be a primitive root (or generator) of the
multiplicative group of integers modulo p. This means that g generates all
integers from 1 to p − 1when raised to powers modulo p.

For a given integer bsuch that 1 ≤ b < p , the discrete logarithm of b with
respect to g is the integer xsuch that: b = g
x
mod p 

The DLP is the problem of finding xgiven b, g , and p.

Diffie-Hellman (DH) Key Exchange Protocol: 1

 The difficulty of solving the DLP ensures the security of the DH protocol. While
computing g x mod p(modular exponentiation) is computationally efficient,
solving for xgiven g x mod p  is computationally infeasible for a large and
strong prime p.

1.1.2 Diffie-Hellman Key Exchange Protocol

The DH protocol allows two parties (Alice and Bob) to establish a shared secret
key over an insecure channel. The steps are as follows:

1. Agreement on Public Parameters:

Alice and Bob publicly agree on a large prime number pand a primitive
root g modulo p.

2. Private Key Generation:

Alice selects a private key a(a random integer such that 1 < a < p − 1

) and computes her public key: A 

a
= g mod p

Bob selects a private key b(a random integer such that 1 < b < p − 1

) and computes his public key: B = g

b
mod p 

3. Public Key Exchange:

Alice sends Ato Bob, and Bob sends B to Alice.

4. Shared Secret Computation:

Diffie-Hellman (DH) Key Exchange Protocol: 2

 Alice computes the shared secret: S = B
a b
mod p = (g )
a

mod p = g
a.b
mod p 

Bob computes the shared secret: S = A

b a
mod p = (g )
b
mod p =

g
a.b
mod p 

Both Alice and Bob now share the same secret S, which can be used as
a symmetric key for encryption.

1.1.3 Strengths of the DH Protocol

1. Security Based on DLP:

The security of DH relies on the hardness of the DLP, which is

computationally infeasible to solve for large and strong primes.

2. Insecure Communication Channel:

DH allows two parties to establish a shared secret over an insecure

communication channel without any prior communication or shared
secret.

3. Forward Secrecy:

If private keys aand bare ephemeral (used only once), the protocol
provides forward secrecy, it means that even if long-term keys are
compromised, the past communications remain secure.

1.1.4 Limitations of the DH Protocol

1. Computational Complexity:

The DH protocol requires modular exponentiation, which is

computationally intensive, especially for large primes p. This can be a
limitation in resource-constrained environments like IoT devices, where
computational power and energy are limited.

2. Power Consumption:

The high computational cost of modular exponentiation translates to

significant power consumption, which is a critical concern for battery-
operated IoT devices.

3. Vulnerability to Man-in-the-Middle (MITM) Attacks:

Diffie-Hellman (DH) Key Exchange Protocol: 3

 The basic DH protocol does not provide authentication, making it
susceptible to MITM attacks. An attacker can intercept and modify the
public keys exchanged between Alice and Bob.

4. Key Size Requirements:

To maintain security against modern attacks, DH requires large key

sizes (e.g., 2048 bits or more). This increases the computational and
memory requirements, further straining IoT devices.

5. Lack of Identity Verification:

The protocol does not inherently verify the identities of the

communicating parties, making it vulnerable to impersonation attacks.

1.1.5 Relevance to IoT

The computational and power requirements of DH pose challenges for IoT
devices, which have limited resources.

To address the limitations of DH, Elliptic Curve Diffie-Hellman (ECDH) was

introduced. ECDH offers the same security as DH but with significantly smaller
key sizes and lower computational requirements:

Parameter DH ECDH

Key Size 2048 bits 256 bits

Computational Power High Low

Power Consumption High Low

Assets:
Implementation of Diffie-Hellman key exchange in python:

dh.py

from Crypto.Util.number import getPrime, isPrime

import random

def get_strong_prime(bits):

Diffie-Hellman (DH) Key Exchange Protocol: 4

 # Returns a strong prime of size bits, i.e. a prime q such that p = (q-1)/2 is a
# This is useful for generating safe primes for DH, and is used in the DH key
# this will simplify the generation of a primitive root modulo p, and make the
while True:
p = getPrime(bits-1)
q = 2*p + 1
if isPrime(q):
return q

def get_primitive_root(p):
# Returns a primitive root modulo p, i.e. a number g such that for all 0 < i < p-1
# This is useful for generating the public keys in the DH key exchange
for g in range(2, p):
if all(pow(g, i, p) != 1 for i in [2,(p-1)//2]):
return g

def generate_DH_params(bits):
# Generates a DH keypair of size bits
# This is useful for the DH key exchange
p = get_strong_prime(bits)
g = get_primitive_root(p)
return p, g

def key_exchange():
# Generates a DH keypair, and simulates the key exchange
p, g = generate_DH_params(512)
a = random.randint(1, p-1) # Alice's private key
b = random.randint(1, p-1) # Bob's private key
A = pow(g, a, p) # Alice's public key
B = pow(g, b, p) # Bob's public key
s1 = pow(B, a, p) # Alice's shared secret
s2 = pow(A, b, p) # Bob's shared secret

print(f"p: {p}")
print(f"g: {g}")
print(f"Alice's private key: {a}")
print(f"Bob's private key: {b}")

Diffie-Hellman (DH) Key Exchange Protocol: 5

 assert s1 == s2

print('#'*30)
print("Key exchange successful!")
print(f"Alice's shared secret: {s1}")
print(f"Bob's shared secret: {s2}")

if __name__ == "__main__":
key_exchange()

References
1. Diffie, W., & Hellman, M. E. (1976). "New Directions in Cryptography." IEEE
Transactions on Information Theory.

2. Stallings, W. (2014). Cryptography and Network Security: Principles and

Practice. Pearson.

3. Li, N. (2010). "Research on Diffie-Hellman Key Exchange Protocol." 2nd

International Conference on Computer Engineering and Technology.

4. Adrian, D., et al. (2015). "Imperfect Forward Secrecy: How Diffie-Hellman

Fails in Practice." Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security.

5. NIST Special Publication 800-56A. "Recommendation for Pair-Wise Key

Establishment Schemes Using Discrete Logarithm Cryptography."

Diffie-Hellman (DH) Key Exchange Protocol: 6