Whitfield Diffie and Martin Hellman created a cryptographic key exchange protocol in 1976 called Diffie-Hellman Key Exchange. This protocol offers a safe way to exchange the secret key even if an intruder intercepting the traffic. In feature made it so popular that DH key exchange starts becoming part of most of the asymmetric encryption algorithm. Because of its popularity, it is worth understanding the logic behind the Mathematical explanation of the Diffie-Hellman Key Exchange protocol
Contents
Symmetric Encryption:
This encryption system uses the same key to encrypt and decrypt the data. This is easy and simple to implement. However, the main concern comes in the matter of trust. How to trust the other side of the entity is legitimate. There is a high risk of sharing a decryption key with an unknown entity. On the public network like the internet, never. If the key got leaked, any buddy can decrypt the data on the internet. To overcome this problem second method of encryption that is asymmetric encryption is introduced.
Asymmetric Encryption:
Actual encryption happens in asymmetric encryption protocols. Asymmetric encryption is introduced to overcome the problems of symmetric encryption. This encryption system uses two keys: public and private instead of one key. People often say that a private key is used for encryption and a public key is used for decryption. It is partially true in my opinion. Both public and private keys will take part in the encryption and decryption process. After the completion of a key exchange process between the two parties, both parties create a new key that will work as a symmetric key. In asymmetric encryption, there will not be a physical key exchange, but logically yes. This gives a big lead to this system over symmetric encryption.
Explanation Diffie-Hellman Key Exchange Protocol
Let’s see how key exchange happens in the simple calculation: let’s assume ‘a’ is a private key of the client. ‘b’ is a private key of the server. Two prime numbers ‘p’ and ‘g’ are public keys that will be shared to both client and server.
p = 149
g = 17
a = 6
b = 8
The mathematical formula to create an encrypted key is g^a mod p.
Phase #1:
Step 1: When the Client requests a connection to the server. The server sends a public certificate with ‘p’ and ‘g’ values.
Step 2: Client generates Client encryption key. client encryption key = 17^6 mod 149 = 16
Step 3: Server generates its encryption key. server encryption key = 17^8 mod 149 = 5
Step 4: Both Client and Server exchange their encryption keys.
At the end of phase 1, if someone is listening to the traffic he would be able to capture four numbers. p, g, client encryption key, and server encryption key. What he doesn’t know is a and b.
Phase #2:
Step 5: Both Server and Client use the same mathematical function to calculate the key.
Client key: (server encryption key)^a mod p = 5^6 mod 149 = 129
Server key: (client encryption key)^a mod p = 16^8 mod 149 = 129
In this example 129 is the key that works as a symmetric key.
At the end of phase 1, if someone is listening to the traffic he would be able to capture four numbers. p, g, client encryption key, and server encryption key. What he doesn’t know is a and b.
This completes the key exchange process. As we said earlier, there will not be a direct key exchange between the two parties, but the result of phase 2 serves as a symmetric key.
Thanks for reading this article. Please visit our site to read such interesting articles.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/269923.html