I have yet to hear of any cryptographic or ‘technical’ method void of complete vulnerability . As a security engineer, I have encountered diverse forms of key exchange methods, how two parties share public values or keys to over public channels.
Some have suggested we should forgo D – H key exchange. Rather, we should focus on customizing our own key exchange to minimize threats of publicly shared keys and even those kept secretly by two parties.
If keys generated by experienced cryptographers are deemed ‘not trustworthy, then why should we rely on key exchange methods like Deffie –Hellman?
Nevertheless, Deffie – Hellman is one of my preferred cryptographic key exchange methods. Although, some experts perceive it as a weaker exchange because of how public keys are transmitted over a public medium . Technically, the mechanism of exchanging public values is seen as the gateway to attacks like logjam, birthday and man –in –the –middle attacks.
Diffie – Hellman is a key exchange protocol developed by Deffie and Hellman in 1976 . The main purpose of Deffie-Hellman is to allow two parties to exchange a secret over a public medium without having anything shared beforehand.
How D-H Key Exchange Works :
Logically, there are two major parameters at the core of this key exchange protocol . They consist of a very large prime number [p] and a second related “generator” number [g] that is less than the prime number designated as [p].
Finally, the third value is represented as [X] a private value is also generated for each host.
For each host, the number [n] is assigned to [similar to statement assignment in python or C++ but differs in this context] to the generator number [g] raised to the power of K . Moreover the value [g] is closely tied to its associate value [p].
Here is a logical Diagram of Deffie Hellman Key Exchange Relationship
So seemingly, each host must agree on these two parameters or values [ p and g] .
Public Value Exchanges
Public Values are values exchanged between two parties over the public channel.
For instance, let’s take value [g] , the generator number which generates the public keys or values between Alice and Bob. In this context, the value [Y] represents the result of the public key to be shared or exchanged between Alice and Bob over a public medium . So let’s take value [g] and raise it to the power of [X] . We will then divide it by the final outcome by the prime value [P]. The remainder becomes the public value[Y]
Step A =
Y = 33.3333333 [ The remainder is value [Y]
*[ ? = Y, 10 = G, k = 2, P = 3]
Step B =
Y = 100 % p
- Please this is just an assumed example to make things easier for those who are not conversant with Deffie – Hellman Key Exchange Protocol .
[ The public value or key [Y] could be compromised by clever hackers to discover the secret key. I will explain in the latter part]
How To Use Public Value[key] To Create A Secret Key
Let’s assume the first cryptographic method to create a public key [ to be shared publicly ] between Alice and Bob is accomplished.
Without the secret key, neither Alice or Bob can decrypt the encrypted message or file. Any other method to decrypt might appear gibberish.
In a layman’s term, we can define the secret key [ in this context is described as the private value] as a unique value which is unique to Alice and Bob only until Eve, the eavesdropper finds out.. Alice and Bob can use the secret value or key for whatever encryption algorithm both prefer .
How To Generate A Secret Key
The formula to generate a secret key or value is quite similar to the public key exchange method. But this time around the generator number[n] is not included . Therefore , the number [n] is replaced with the public value or key generated initially alongside [x] as the power.
The formula to Generate a secret key :
Step A =
Step B =
Then the secret Z is 385.333333 .
*This is just an assumed example on behalf of those who do not really understand Deffie –Hellman Exchange Protocol .
Here is summarized version D-H Key Exchange Mechanism
- Exchange certain numbers over a public medium
- Create your own private value that won’t be exchanged [ i.e A Secret key ]
- Generate a public “Key” from the previously agreed upon numbers with your private value.
- Compute using your public , private and the shared information.
- The final outcome of Alice should match with Bob’s. Finally, Alice and Bob have shared secret key without crossing a public medium.
The Threats of Eve : The Eavesdropper
Good. I trust you now have a clear idea of D-H Key Exchange Mechanism. Now we can analyze which sector of Deffie –Hellman key exchange might be responsible for man-in-the middle-attacks .
Initially I explained that the public value or key could be correctly exchanged via the public channel. In this context, the public medium might refer to the open network . The public channel is technically not a safe place because everybody – from teens to adult to grannies – could intercept one’s data without the owner’s consent.
On behalf of the initial public value formula , Eve, the eavesdropper can possibly calculate the secret key of Alice and Bob. Or it is not possible ?
Take a look the formula embedded in the parenthesis. I hope you understand what it does.
By the above formula in parenthesis, although it increases the possibility of a mutual secret key, Eve should also be able to calculate the secret key owned by Alice and Bob. In cryptographic world, computation rules, mathematicians are kings and Queens. There is no cryptographic method which is operated or done randomly. There is nothing like ‘randomness’ in the cryptographic world.
Alice and Bob exchanged the public keys or values over the public medium. Therefore the public value or key might be that ‘bad Samaritan’ to aid Eve to secretly compute the secret key owned by Alice and Bob.