Key Exchange • We have seen already how public-key cryptography may be used for public key distribution; Diffie-Hellman key exchange • Public-key cryptography may be used also for key exchange: • Two parties (users) execute some algorithm (protocol) and get a common secret key; • The key may be used for subsequent encryption of messages; COMP 522 COMP 522 Diffie-Hellman Key Exchange Discrete logarithms • Most known algorithm for key exchange is Diffie- • Security of DH algorithm relies upon difficulty of Hellman algorithm (1976); computing discrete logarithms; • The purpose of the algorithm is exchange of a • Primitive root of a prime number p: a number secret key (not encryption); such that all numbers • DH algorithm is considered as a public-key are different; algorithm because: • Users to generate the same secret key rely on publicly • For any number b less than p and a primitive root known information + some private information; of p the discrete logarithm (index) of b for the • In principle, it is possible to generate a key knowing only base , mod p is the number such that public information, but it is computationally expensive; COMP 522 COMP 522 1 Discrete logarithms Diffie-Hellman key exchange • Notation: • Two publicly known numbers: • Key facts: • prime number q • It is relatively easy calculate exponentials modulo a • primitive root of q prime, that is given ,i,p calculate ; • Let A and B wish to exchange a key, then they do • It is very difficult and for large primes infeasible to the following: calculate discrete algorithms, that is given b,a,p find • A selects a random integer and keeps it in secret such that • B selects a random integer and keeps it in secret • A computes and sends it to B • B computes and sends it to A COMP 522 COMP 522 The secret key Deffie-Hellman Key Exchange • Both A and B is now able to calculate common secret key: • A calculates • B calculates • These calculations give identical results and K is the common secret key. COMP 522 COMP 522 2 How to break HD key exchange? Example • An attacker knows • For q = 7 check that 2 is not a primitive root of 7 • How can (s)he calculate K? and 3 is a primitive root of 7; • Straightforward way is to find out , or and • Let q = 7 and a = 3 is publicly known numbers in repeat calculations of A or B; DH algorithm; • However this includes calculations of discrete • Let XA = 4 and XB = 3 be private keys of A and B, logarithms: which is infeasible for large q; respectively; • No essentially better attacks are known. • Then YA= YB= • Common secret key COMP 522 COMP 522 3.