Scribd
Upload
373 views24 pages

Diffie-Hellman Key Exchange Man-in-the-Middle Attack Elgamal Cryptographic System

The document discusses three cryptographic concepts: Diffie-Hellman key exchange, man-in-the-middle attacks, and the Elgamal cryptographic system. It explains how Diffie-Hellman key exchange works using discrete logarithms to allow two parties to securely exchange a key. It describes how man-in-the-middle attacks undermine Diffie-Hellman by intercepting the key exchange. It then outlines how the Elgamal cryptosystem, like Diffie-Hellman, uses discrete logarithms but provides encryption of messages in addition to key exchange.

Uploaded by

Abhijeet Thamake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
373 views24 pages

Diffie-Hellman Key Exchange Man-in-the-Middle Attack Elgamal Cryptographic System

The document discusses three cryptographic concepts: Diffie-Hellman key exchange, man-in-the-middle attacks, and the Elgamal cryptographic system. It explains how Diffie-Hellman key exchange works using discrete logarithms to allow two parties to securely exchange a key. It describes how man-in-the-middle attacks undermine Diffie-Hellman by intercepting the key exchange. It then outlines how the Elgamal cryptosystem, like Diffie-Hellman, uses discrete logarithms but provides encryption of messages in addition to key exchange.

Uploaded by

Abhijeet Thamake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 24

 Diffie-Hellman Key Exchange

 Man-in-the-Middle Attack
 Elgamal Cryptographic System
Diffie-Hellman
Key Exchange
 The first published public-key algorithm appeared in the
seminal paper by Diffie and Hellman that defined public-
key cryptography [1976] and is generally referred to as
Diffie-Hellman key exchange.
 A number of commercial products employ this key
exchange technique.
 The purpose of the algorithm is to enable two users to
securely exchange a key that can then be used for
subsequent symmetric encryption of messages.
 The algorithm is limited to the exchange of secret values.
 The Diffie-Hellman algorithm depends for its effectiveness
on the difficulty of computing discrete logarithms.
 Briefly, we can define the discrete logarithm in the following
way:
 a primitive root of a prime number p is one whose powers
modulo p generate all the integers from 1 to p - 1.
 That is, if a is a primitive root of the prime number p,
then the numbers a mod p, a2 mod p, …, ap-1 mod p are
distinct and consist of the integers from 1 through p - 1 in
some permutation.
Example: Powers of Integers, Modulo 19

For the prime number 19, its primitive roots are 2, 3, 10, 13,
14, and 15.
 For any integer b and a primitive root a of prime
number p, we can find a unique exponent i such that:
b  ai (mod p), where 0  i  (p - 1)
 The exponent i is referred to as the discrete logarithm
of b for the base a, mod p.
 We express this value as dloga,p(b) = i.
 Example:
dlog2,19(1) = 18
 218 mod 19 = 262144 mod 19 = 1
 The Algorithm of Diffie-Hellman key exchange

 There are two publicly known numbers: a prime number q


and an integer α that is a primitive root of q.
 Suppose the users A and B wish to create a shared key.
 User A selects a random integer XA < q and computes:

YA = α^XA mod q.

 Similarly, user B independently selects a random integer XB


< q and computes
YB = α^XB mod q.
 Each side keeps the X value private and makes the Y
value available publicly to the other side.
 Thus, XA is A’s private key and YA is A’s corresponding
public key, similarly for B.
 User A computes the key as
K = (YB)^XA mod q
 and user B computes the key as
K = (YA)^XB mod q.
User A computes the key as: and user B computes the key as:
K = (YB)^XA mod q K = (YA)^XB mod q.

The result is that the two sides have exchanged a secret value.
Typically, this secret value is used as shared symmetric secret key.
 For an adversary who wishes to determine the secret key K.
 Because XA and XB are private, an adversary only has the following

ingredients to work with: q, α, YA, and YB.


 Thus, the adversary is forced to take a discrete logarithm to determine the
key.
 For example, to determine the private key of user B, an adversary must
compute XB = dlogα,q(YB)
 The adversary can then calculate the key K in the same manner as user B
calculates it.
 That is, the adversary can calculate K as K = (YA)^XB mod q
 The security of the Diffie-Hellman key exchange lies in the fact that,
while it is relatively easy to calculate exponentials modulo a prime, it is
very difficult to calculate discrete logarithms.
 For large primes, the latter task is considered infeasible.
Example: Key exchange is based on the use of the prime number
q = 353 and a primitive root of 353, in this case α = 3.
 A and B select private keys XA = 97 and XB = 233,
respectively.
 A computes its public key :
YA = 397 mod 353 = 40.
 B computes its public key:
YB = 3233 mod 353 = 248.

 A computes K = (YB)^XA mod 353 = 24897 mod 353 = 160.

 B computes K = (YA)^XB mod 353 = 40233 mod 353 = 160.


 We assume an attacker would have available the following
information: q = 353; α = 3; YA = 40; YB = 248
 In this simple example, it would be possible by brute force to
determine the secret key 160.
 In particular, an attacker E can determine the common key by
discovering a solution to the equation: 3a mod 353 = 40 or the
equation 3b mod 353 = 248.
 The brute-force approach is to calculate powers of 3 modulo
353, stopping when the result equals either 40 or 248.
 The desired answer is reached with the exponent value of 97,
which provides 397 mod 353 = 40.
 With larger numbers, the problem becomes impractical.
Man-in-the-Middle Attack
 Suppose Alice and Bob wish to exchange keys, and Darth is
the adversary. The attack proceeds as follows
Man-in-the-Middle Attack
 At this point, Bob and Alice think that they share a secret key, but
instead Bob and Darth share secret key K1 and Alice and Darth share
secret key K2.
 All future communication between Bob and Alice is compromised in
the following way.
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M′), where M′ is any message.
• In the first case, Darth simply wants to eavesdrop on the
communication without altering it.
• In the second case, Darth wants to modify the message going to
Bob.
 The key exchange protocol is insecure against a man-in-
the-middle attack and vulnerable to such an attack
because it does not authenticate the participants.
 This vulnerability can be overcome with the use of
digital signatures and public-key certificates; these
topics are explored later.
Elgamal Cryptographic System

 In 1984, T. Elgamal announced a public-key scheme based


on discrete logarithms, closely related to the Diffie-Hellman
technique.
 The Elgamal cryptosystem is used in some form in a
number of standards including the digital signature standard
(DSS), and the S/MIME e-mail standard.
 As with Diffie-Hellman, the global elements of Elgamal are
a prime number q and α, which is a primitive root of q.
 User A generates a private/public key pair as follows:
1. Generate a random integer XA, such that 1 < XA < q - 1.

2. Compute YA = α^XA mod q.

3. A’s private key is XA and A’s public key is {q, α, YA}.


 User B that has access to A’s public key can encrypt a message as:
1. Represent the message as an integer M in the range 0 < M < q - 1.
Longer messages are sent as a sequence of blocks, with each
block being an integer less than q.
2. Choose a random integer k such that 1  k  q - 1.
3. Compute a one-time key K = (YA)k mod q.

4. Encrypt M as the pair of integers (C1, C2) where C1 = αk mod q;

C2 = KM mod q
 User A recovers the plaintext as follows:
1. Recover the key by computing K = (C1)^XA mod q.
2. Compute M = (C2K-1 ) mod q.
 In these steps : Alice generates a public/private key pair;
Bob encrypts using Alice’s public key;
Alice decrypts using her private key.
 Let us demonstrate why the Elgamal scheme works.

=
 K functions as a one-time
key, used to encrypt and
decrypt the message.
Example: let q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}.
We choose α = 10.
 Alice generates a key pair as follows:
1. Alice chooses XA = 5.
2. Then YA = α ^XA mod q = α5 mod 19 = 3.
3. Alice’s private key is 5 and Alice’s public key is {q, α, YA}= {19, 10,
3}.
 Suppose Bob wants to send the message with the value M = 17. Then:
1. Bob chooses k = 6.
2. Then K = (YA) k mod q = 36 mod 19 = 729 mod 19 = 7.
3. So C1 = αk mod q = α6 mod 19 = 11
C2 = KM mod q = 7 * 17 mod 19 = 119 mod 19 = 5
4. Bob sends the ciphertext (11, 5).
 For decryption:
1. Alice calculates K=(C1)^XA mod q = 115 mod 19 = 161051 mod 19=7
2. Then K-1 is 7-1 mod 19 = 11  K-1=(1+n*19)/7 (take the integer result)
3. Finally, M = (C2K-1 ) mod q = 5 * 11 mod 19 = 55 mod 19 = 17.
 If a message must be broken up into blocks and sent as a
sequence of encrypted blocks, a unique value of k should be
used for each block.
 If k is used for more than one block, knowledge of one block
M1 of the message enables the user to compute other blocks as
follows, Let
C1,1 = αk mod q; C2,1 = KM1 mod q
C1,2 = α k mod q; C2,2 = KM2 mod q
Then,
C2,1 / C2,2 = (KM1 mod q) / KM2 mod q = M1 mod q / M2 mod q

 If M1 is known, then M2 is easily computed as


M2 = (C2,1)-1 C2,2 M1 mod q
 The security of Elgamal is based on the difficulty of computing
discrete logarithms.
 To recover A’s private key, an adversary would have to
compute
XA = dloga,q(YA).
 Alternatively, to recover the one-time key K, an adversary
would have to determine the random number k, and this
would require computing the discrete logarithm
k = dloga,q(C1).
 It is points out that these calculations are regarded as
infeasible if p is at least 300 decimal digits and q - 1 has
at least one “large” prime factor.

You might also like