- Block diagrams
- Mathematical functions
The Diffie-Hellman Protocol may be also used for message encryption using the public key.
The Diffie-Hellman algorithm describes a way of communication between two parties which allows to create a shared secret key. The key may be later use during the further communication, protected by the symmetric encryption. It is impossible to deduce the key by a potential eavesdropper.
The algorithm uses mathematical theory about discrete logarithms in given groups.
The protocol of the exchange of information between two parties (commonly referred to as Alice and Bob) is presented below. To determine the shared secret key using the Diffie-Hellman protocol, the following steps should be performed:
- Alice and Bob agree on a common prime number p and a generating element g.
- Alice picks a random and secret natural number a and then sends A = ga mod p to Bob.
- Bob picks a random and secret natural number b and then sends B = gb mod p to Alice.
- Alice computes a number k = Ba mod p.
- Bob computes the same number k = Ab mod p.
- At this point, both Alice and Bob possess the secret number k.
The number k computed by both parties is very big - the numbers a and b used in the algorithm have at least 100 digits and the prime number p has at least 300 digits. The value k can be changed into the symmetric key using a hash function. The symmetric key is used for the encryption of further communication.
Public key encryption
It is possible to use the Diffie-Hellman protocol for message encryption using the public and private keys.
In such a case, Bob could send a message to Alice, encrypting it with Alice's public key, which contains three numbers: g, p, ga mod p. To send a secret message to Alice, Bob chooses a random number b, and then sends an unencrypted number gb mod p to Alice. Eventually, the message itself can be sent, being encrypted by a symmetric key (ga)b mod p.
Only Alice will be able to determine the value of b and decrypt the message. Using the public key protects the sides from man-in-the-middle attacks.
The algorithm allows asymmetric encryption of data. As present however, RSA is much more popular algorithm that allows encryption using public and private keys.
Security of the Diffie-Hellman protocol
The protocol is considered secure if the initial numbers are chosen properly. The numbers have to be random and very big. The attacker would have to solve the discrete logarithm problem in a given group (it means that all mathematical operations are followed by reduction modulo another big number). However, no efficient general algorithm for computing discrete logarithms on conventional computers is known.
After establishing the symmetric key, both parties destroy the values a and b. This prevents the initial numbers from being stolen by the intruder.
Because the protocol does not provide authentication of the communicating parties, it is vulnerable to man-in-the-middle attacks. The attacker may establish two sessions of the protocol (one with Alice and one with Bob) and pretend to be the opposite side to each of them. He sets two symmetric keys and uses them in the communication with them (still pretending to be the opposite side to each of them).