Why Is Diffie-Hellman Referred To As A Key Agreement Protocol Rather Than A Key Exchange Protocol

Why Is Diffie-Hellman Referred To As A Key Agreement Protocol Rather Than A Key Exchange Protocol

The Diffie Hellman key exchange was an innovative method to help two unknown parties communicate safely when it was developed in the 1970s. While we are implementing newer versions with larger keys to protect against modern technology, the protocol itself seems to remain secure until the arrival of the quantum computer and the resulting advanced attacks. To prevent the head from exploding, we make this statement with much smaller numbers. Note that the Diffie-Hellman key exchange would be uncertain if it used numbers as small as our example. We just use small numbers to demonstrate the concept more easily. If a real implementation of the Diffie-Hellman key exchange uses numbers as small as our example, it would make the process of exchanging an attacker trivial. But it`s not just the size of the numbers that counts, the numbers must also be random enough. If a random number generator generates a predictable output, it can completely undermine the security of Diffie Hellman key exchange. In the classic key exchange, the exhaustive search for the right long-term key simply cannot be made possible by construction: it is totally random and very long.

On the other hand, a password is probably short and is created from a small set of values with a coincidence less than the ideal, which allows an exhaustive search. We illustrate the impact of this phenomenon with a “stupid” protocol. Alice and Bob agree on two whole positive numbers, a prime number and a generator. A generator is a number that, if increased to full positive forces less than the prime number, never gives the same result for two of these whole numbers. Suppose Alice uses the prime number 17 and Bob the generator 3. Then Alice chooses a private random number, say 15, and calculates 315mod17, which is equivalent to 6, and sends the result publicly to Bob. Then Bob chooses his private random number, say 13, calculates 313mod17 and sends the result (i.e. 12) publicly to Alice. The heart of the trick is the following calculation. Alice takes Bob`s public result and calculates 1215mod17. The result is their common secret key. On the other hand, Bob takes the public result of Alice and calculates 613mod17, which leads to the same common secret.

Now Alice and Bob can communicate with the symmetrical algorithm of their choice and the common secret key, which has never been transmitted by the uncertain circuit. Asymmetric encryption is richer in resources than symmetrical key encryption. For this reason, it is customary to encrypt only a small amount of information with the relatively expensive asymmetric process. This small piece is a symmetrical key that can be used to decipher and decipher most of the information; It is usually called session key. This method allows the computer to generate a very random key for use with symmetrical encryption. Another advantageous property is that each process can use a different session key, and therefore, if a section of data is compromised by cryptographic analysis, other parts or files are encrypted with another key and therefore are not. Of course, if the asymmetrical key pair is compromised, all session keys can still be detected.


Comments are closed.