
5 Key Exchange Ver2

The document discusses several cryptographic concepts and algorithms: 1) Primitive roots and discrete logarithms, which are building blocks for key exchange algorithms. 2) The Diffie-Hellman and ElGamal key exchange algorithms, which allow two parties to jointly establish a shared secret key over an insecure channel. 3) Issues like man-in-the-middle attacks and the need for authentication in key exchange. Hash functions are discussed as one approach to providing authentication.

Uploaded by

hyde Jackly

Key Exchange

References:
Applied Cryptography, Bruce Schneier
Cryptography and Network Security, William Stallings
Outline
• Primitive Root
• Discrete Logarithm
• Diffie-Hellman
• ElGamal
Primitive Root
• A primitive root of a prime number p is one whose powers modulo p generate all the integers from 1 to p-1.

• If α is a primitive root of p, the numbers

$\alpha \bmod p,\ \alpha^2 \bmod p,\ \alpha^3 \bmod p,\ \ldots,\ \alpha^{p-1} \bmod p$

are distinct.

• Example:
• The prime number 19 has primitive roots 2, 3, 10, 13, 14, and 15 (shown by the Powers of Integers, Modulo 19 table).
Powers of Integers, Modulo 19 Table
Discrete Logarithm
• For a primitive root α of a prime number p:
$\mathrm{dlog}_{\alpha,p}(1) = 0$, since $\alpha^0 \bmod p = 1 \bmod p = 1$
$\mathrm{dlog}_{\alpha,p}(\alpha) = 1$, since $\alpha^1 \bmod p = \alpha$
• Based on the Powers of Integers, Modulo 19 table (previous slide):
$\mathrm{dlog}_{2,19}(3) = 13$
$\mathrm{dlog}_{2,19}(6) = 14$
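The modulo 19 table referred to above can be rebuilt in a few lines. The following is an added example, not part of the original slides; the function names are chosen here for illustration. It recomputes the primitive roots of 19 and the two discrete logarithms quoted above by exhaustive search.

```python
def powers_mod(a, p):
    """One row of the table: [a^1 mod p, a^2 mod p, ..., a^(p-1) mod p]."""
    return [pow(a, k, p) for k in range(1, p)]


def is_primitive_root(a, p):
    """a is a primitive root of the prime p iff its p-1 powers are all distinct."""
    return len(set(powers_mod(a, p))) == p - 1


def primitive_roots(p):
    return [a for a in range(1, p) if is_primitive_root(a, p)]


def dlog(alpha, p, y):
    """Exponent i in 0..p-2 with alpha^i mod p == y, found by brute force.

    Only feasible for tiny p; the cost of this search for large p is what
    Diffie-Hellman and ElGamal rely on.
    """
    if not is_primitive_root(alpha, p):
        raise ValueError("alpha must be a primitive root of p")
    if not 1 <= y <= p - 1:
        raise ValueError("y must be in 1..p-1")
    value = 1  # alpha^0
    for i in range(p - 1):
        if value == y:
            return i
        value = value * alpha % p
    raise ArithmeticError("no logarithm found; p is probably not prime")


if __name__ == "__main__":
    p = 19
    for a in range(1, p):  # rebuild the table; '*' marks primitive roots
        mark = "*" if is_primitive_root(a, p) else " "
        print(f"{a:2d}{mark}|", " ".join(f"{v:2d}" for v in powers_mod(a, p)))
    print("primitive roots:", primitive_roots(p))
    print("dlog_2,19(3) =", dlog(2, p, 3), " dlog_2,19(6) =", dlog(2, p, 6))
```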
Diffie-Hellman Key Exchange
• Diffie-Hellman was the first public-key algorithm.
• It was invented in 1976.
• The algorithm can be used to generate a secret key, but not to encrypt and decrypt messages.
• Alice and Bob agree on a large prime q and on α, where α is a primitive root of q.
• q and α do not have to be secret and can be transmitted over an insecure channel.
Diffie-Hellman Protocol (1)
• Alice chooses a random large integer $X_A$ and sends Bob
$Y_A = \alpha^{X_A} \bmod q$
• Bob chooses a random large integer $X_B$ and sends Alice
$Y_B = \alpha^{X_B} \bmod q$
• Alice computes
$K = Y_B^{X_A} \bmod q$
• Bob computes
$K = Y_A^{X_B} \bmod q$
Anyone listening on the channel knows only q, α, $Y_A$, and $Y_B$.
Diffie-Hellman Protocol (2)
Diffie-Hellman with n Parties (1)
• n = 3
• Alice chooses a random large integer $X_A$ and sends Bob: $Y_A = \alpha^{X_A} \bmod q$.
• Bob chooses a random large integer $X_B$ and sends Carol: $Y_B = \alpha^{X_B} \bmod q$.
• Carol chooses a random large integer $X_C$ and sends Alice: $Y_C = \alpha^{X_C} \bmod q$.
• Alice sends Bob: $Y_C' = Y_C^{X_A} \bmod q$.
• Bob sends Carol: $Y_A' = Y_A^{X_B} \bmod q$.
• Carol sends Alice: $Y_B' = Y_B^{X_C} \bmod q$.
• Alice computes the secret key: $K = (Y_B')^{X_A} \bmod q$.
• Bob computes the secret key: $K = (Y_C')^{X_B} \bmod q$.
• Carol computes the secret key: $K = (Y_A')^{X_C} \bmod q$.
Diffie-Hellman with n Parties (2)

• How about 4 parties?
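The three-party steps above are one instance of a ring protocol that works for any n ≥ 2, which also answers the four-party question. This is an added example, not part of the original slides; the function name, the toy parameters q = 19, α = 2 and the sample private keys are assumptions made for illustration.

```python
from math import prod


def ring_key_exchange(private_keys, q, alpha):
    """Run the ring protocol for n parties.

    Party i always sends to party i+1 (the last party sends to the first).
    Returns (keys, wire): the key each party derives and every value that
    crossed the insecure channel, in sending order.
    """
    n = len(private_keys)
    if n < 2:
        raise ValueError("need at least two parties")
    # Round 1: party i sends alpha^x_i mod q (Y_A, Y_B, Y_C on the slide).
    sent = [pow(alpha, x, q) for x in private_keys]
    wire = list(sent)
    # Rounds 2..n-1: raise the value received from party i-1 to the own
    # private key and pass it on (Y_C', Y_A', Y_B' on the slide for n = 3).
    for _ in range(n - 2):
        sent = [pow(sent[i - 1], private_keys[i], q) for i in range(n)]
        wire.extend(sent)
    # Last step is local: raise the final received value to the own private
    # key. The result is the shared key and is never transmitted.
    keys = [pow(sent[i - 1], private_keys[i], q) for i in range(n)]
    return keys, wire


if __name__ == "__main__":
    q, alpha = 19, 2  # toy parameters (assumption); real use needs a large prime
    for xs in ([5, 7, 11], [5, 7, 11, 13]):  # constructed private keys
        keys, wire = ring_key_exchange(xs, q, alpha)
        print(f"n={len(xs)}: keys={keys}, messages on the channel={len(wire)}")
```

Each party sends n-1 values, so the channel carries n(n-1) messages in total: 6 for three parties and 12 for four.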


Man-in-the-Middle Attack (1)
• The Diffie-Hellman key exchange is insecure against a man-in-the-middle attack.
• Alice and Bob will exchange the key; Darth is the adversary.
• Darth prepares the attack by generating two random keys $X_{D1}$ and $X_{D2}$. Darth computes $Y_{D1}$ and $Y_{D2}$.
• Alice sends Bob $Y_A$.
• Darth intercepts $Y_A$ and sends Bob $Y_{D1}$. Darth computes $K_2 = (Y_A)^{X_{D2}} \bmod q$.
• Bob computes $K_1 = (Y_{D1})^{X_B} \bmod q$.
• Bob sends Alice $Y_B$.
• Darth intercepts $Y_B$ and sends Alice $Y_{D2}$. Darth computes $K_1 = (Y_B)^{X_{D1}} \bmod q$.
• Alice computes $K_2 = (Y_{D2})^{X_A} \bmod q$.
Man-in-the-Middle Attack (2)
• Communication between Alice and Bob after the key exchange process:
• Alice sends Bob the encrypted message M: $E(K_2, M)$.
• Darth intercepts the encrypted message and decrypts it.
• Darth sends Bob $E(K_1, M)$ or $E(K_1, M')$, where M' is any message (in this case, Darth alters the message).
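The algebra of the two slides above, carried through with toy numbers, shows why the exchange needs authentication: Alice and Bob end up with different keys, each shared with Darth. This is an added example, not part of the original slides. The parameters q = 19, α = 2, the private keys and the `fingerprint` check are assumptions; the check presumes each party can obtain a hash of the other's genuine public value over a channel Darth cannot modify.

```python
import hashlib

Q, ALPHA = 19, 2  # toy parameters (assumption), far too small for real use


def public_value(x):
    return pow(ALPHA, x, Q)


def fingerprint(y):
    """Short hash of a public value, compared over an authenticated channel."""
    return hashlib.sha256(str(y).encode()).hexdigest()[:16]


def run_exchange(xa, xb, darth=None):
    """Simulate the exchange; darth is None or the pair (XD1, XD2)."""
    ya, yb = public_value(xa), public_value(xb)
    to_bob, to_alice = ya, yb  # what each side actually receives
    result = {}
    if darth is not None:
        xd1, xd2 = darth
        to_bob, to_alice = public_value(xd1), public_value(xd2)  # YD1, YD2
        result["darth_k2"] = pow(ya, xd2, Q)  # K2 = YA^XD2 mod q
        result["darth_k1"] = pow(yb, xd1, Q)  # K1 = YB^XD1 mod q
    result["alice_key"] = pow(to_alice, xa, Q)
    result["bob_key"] = pow(to_bob, xb, Q)
    # Defensive check: accept the key only if the received public value
    # matches the fingerprint of the peer's genuine value.
    result["alice_accepts"] = fingerprint(to_alice) == fingerprint(yb)
    result["bob_accepts"] = fingerprint(to_bob) == fingerprint(ya)
    return result


if __name__ == "__main__":
    print("honest   :", run_exchange(5, 7))
    print("tampered :", run_exchange(5, 7, darth=(3, 11)))
```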
ElGamal Key Exchange
ElGamal Key Exchange (1)
• ElGamal announced a public-key scheme based on discrete logarithms in 1984.
• ElGamal is closely related to the Diffie-Hellman technique.
• The prime number q and α are the same in ElGamal and Diffie-Hellman.

• Alice can generate a private/public key pair:
• Alice generates a random integer $X_A$ ($1 < X_A < q-1$).
• Alice computes $Y_A = \alpha^{X_A} \bmod q$.
• Alice has a private key $X_A$ and a public key $\{q, \alpha, Y_A\}$.
ElGamal Key Exchange (2)
• Bob can encrypt a message using Alice’s public key:
• The message is an integer M in the range $0 \le M \le q-1$.
• Bob chooses a random integer k ($1 \le k \le q-1$).
• Bob computes the one-time key $K = (Y_A)^k \bmod q$.
• Bob encrypts M → $(C_1, C_2)$ where:
• $C_1 = \alpha^k \bmod q$
• $C_2 = K M \bmod q$

• Alice can recover the plaintext:
• Alice recovers the key by computing $K = (C_1)^{X_A} \bmod q$.
• Alice computes $M = (C_2 K^{-1}) \bmod q$.
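The key generation, encryption and decryption steps above fit in one short program. This is an added example, not part of the original slides; the function names and the toy values q = 19, α = 10, X_A = 5, k = 6, M = 17 are constructed for illustration. When it picks k itself it draws from 1..q-2, a narrower range than the slide's, because k = q-1 gives C1 = 1 and K = 1, which leaves C2 = M.

```python
import secrets


def keygen(q, alpha, xa=None):
    """Alice: private X_A with 1 < X_A < q-1, public key (q, alpha, Y_A)."""
    if xa is None:
        xa = secrets.randbelow(q - 3) + 2  # uniform in 2..q-2
    if not 1 < xa < q - 1:
        raise ValueError("X_A must satisfy 1 < X_A < q-1")
    return xa, (q, alpha, pow(alpha, xa, q))


def encrypt(public_key, m, k=None):
    """Bob: returns (C1, C2) for a message 0 <= m <= q-1."""
    q, alpha, ya = public_key
    if not 0 <= m <= q - 1:
        raise ValueError("M must satisfy 0 <= M <= q-1")
    if k is None:
        k = secrets.randbelow(q - 2) + 1  # fresh per message, 1..q-2
    if not 1 <= k <= q - 1:
        raise ValueError("k must satisfy 1 <= k <= q-1")
    one_time_key = pow(ya, k, q)  # K = Y_A^k mod q
    return pow(alpha, k, q), one_time_key * m % q


def decrypt(xa, public_key, ciphertext):
    """Alice: K = C1^X_A mod q, then M = C2 * K^-1 mod q."""
    q = public_key[0]
    c1, c2 = ciphertext
    one_time_key = pow(c1, xa, q)
    return c2 * pow(one_time_key, -1, q) % q  # modular inverse, Python 3.8+


if __name__ == "__main__":
    xa, pub = keygen(19, 10, xa=5)  # constructed toy values
    c = encrypt(pub, 17, k=6)
    print("public key:", pub, "ciphertext:", c, "plaintext:", decrypt(xa, pub, c))
```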
Security of ElGamal

• To recover Alice’s private key, an adversary would have to compute the discrete logarithm $X_A = \mathrm{dlog}_{\alpha,q}(Y_A)$.

• To recover the one-time key K, an adversary would have to compute the discrete logarithm $k = \mathrm{dlog}_{\alpha,q}(C_1)$.
ONE WAY & HASH FUNCTION
• Hash Function Algorithm
• Birthday Attack
Hash Function
• A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M).
• A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random. In general terms, the principal object of a hash function is data integrity.
• A change to any bit or bits in M results, with high probability, in a change to the hash code.
• Hash functions are often used to determine whether or not data has changed.
Variety of Ways in Which a Hash Code Can Be Used to Provide Message Authentication
• The message plus concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided.
