Diffie-Hellman Key Exchange Yuen Ng

Importance Allows a secret to be made between two people Even if the whole world is listening in This secret can be used as an encryption code word. Particularly (and mainly) on the internet Whitfield Diffie Martin Hellman (Ralph Merkle)

What’s the problem? For Alan and Betty… Muahaha For Alan and Betty… Niamh is listening in on the communications Alan and Betty want to form a secret password that only they know. But, any password that Alan wants to tell Betty won’t be secret… They can use this to encrypt sensitive information Eg what city state they are going to attack, which credit card number she’s using

What’s the solution? Announced publicly in 1976 We can use gab as the new secret, the new code word So we can now send long messages to each other, in private British Signals Intelligence Agency by Malcolm J. Williamson but classified We can easily make it bigger Credit card details, Using other encryption methods that rely on a shared secret; a different system that requires one key only

Diffie-Hellman Mechanism (ga)b = (gb)a = gab For example (23)6 = 86 = 262,144 (26)3 = 643 = 262,144 gab = 262,144 Everybody is taught this in secondary school It’s easy to form powers of g It’s not necessarily easy to find which numbers you used as the power of g (in the intermediate steps)

Forming a key with Diffie-Hellman (ga)b = (gb)a = gab (mod p) For example (237)10 = 3,404,825,44710 = 209,386,425… for 96 digits in total (2310)7 = 41,426,511,213,6497 = 209,386,425… again So gab = 2.09386425… * 10^95 But (mod 9719) we have (237)10 = 3,404,825,44710 = 705310 = 1195 (2310)7 = 41,426,511,213,6497 = 48007 = 1195 again! So gab = 1195 Everybody is taught this in secondary school Since the numbers get large very very quickly, we can use mod arithmetic Where we are just looking at remainders By the way 9719 is a specially chosen prime 9719 is the largest four digit prime for which consecutive pairs and triples of digits are also prime (like 97, 19, 71, 971 and 719) http://primes.utm.edu/curios/page.php/9719.html We still get the same answer in mod arithmetic, whichever way round the powers are applied And the answer is much smaller and more manageable http://www.calculatorpro.com/calculator/modulo-calculator/

Diffie-Hellman Key Exchange (ga)b = (gb)a = gab (mod p) To everybody: We choose g = 23 and p = 9719 A to B: here’s ga = 7053 B to A: here’s gb = 4800 PRIVATE Alan: (gb )a = 4800 a = 1195 PRIVATE Betty: (g a)b = 7053 b = 1195

Diffie-Hellman Key Exchange (ga)b = (gb)a = gab (mod p) To everybody: We choose g = 23 and p = 9719 A to B: here’s ga = 7053 B to A: here’s gb = 4800 PRIVATE Alan: (gb )a = 4800 a = 1195 PRIVATE Betty: (g a)b = 7053 b = 1195

Diffie-Hellman Key Exchange (ga)b = (gb)a = gab (mod p) To everybody: We choose g = 23 and p = 9719 A to B: here’s ga = 7053 B to A: here’s gb = 4800 PRIVATE Alan: (gb )a = 4800 a = 1195 PRIVATE Betty: (g a)b = 7053 b = 1195 I can’t work out from the information what the secret key is! I’d love to know a and b.

Niamh is in difficulty It’s easy to form powers of g g35 = (((((g2) 2) 2) 2) 2) * g2 * g Suppose (like Niamh) you know the values of g, p, ga and gb. Can we work out gab ? One way to solve: we could find a from ga and then find (gb)a = gab which is the secret But, it’s not at all easy to find which numbers you used as the power of g (in the intermediate steps) Repeated squaring technique Five squarings, and three multiplications – faster than 34 operations (and memory storage) Given that 7053 and 4800 are powers of 23 in mod 9719 Multiplying together won’t work – a + b

Security Currently no known algorithms are efficient at solving the Discrete Logarithm Problem Works well if you use large primes Eg p = 2q + 1 (only 2 and q, both primes, divide the order of g) Human neglect… …and impostors 9719 is a very small prime. We use 768 and 1024 bit primes in practice – very large numbers to make it hard to guess Could write out all powers of g, but fastest method is… and has time complexity… How to impersonate (man-in-the-middle attack) picture of impersonation pictures Log Jam NSA The Impostor’s own information