Diffie-Hellman

Diffie-Hellman / ElGamal
157.357, Tutorial 6
Henning Koehler
Diffie-Hellman
• Diffie-Hellman key exchange:
– Common modulus and base: p = 83, a = 2
(a, a^2, …, a^(p-1) mod p are all different…)
– Secrets X_A = 21, X_B = 66
• A generates Y_A = 2^21 mod 83 = 74
• B generates Y_B = 2^66 mod 83 = 61
• A and B openly exchange Y_A and Y_B
Diffie-Hellman
• A knows X_A = 21 and Y_B = 61
→ calculates Y_B^X_A = 61^21 mod 83 = 12
• B knows X_B = 66 and Y_A = 74
→ calculates Y_A^X_B = 74^66 mod 83 = 12
• A and B now share secret “12”
• An attacker knows Y_A and Y_B
– No (efficient) way known to find secret
Diffie-Hellman
• Q: Why does it work?
• A: Exponentiation order does not matter!
– A computes Y_B^X_A = (a^X_B)^X_A = a^(X_B·X_A) (mod p)
– B computes Y_A^X_B = (a^X_A)^X_B = a^(X_A·X_B) (mod p)
– e.g.
(a^3)^4 = (a·a·a)·(a·a·a)·(a·a·a)·(a·a·a) = a^12
(a^4)^3 = (a·a·a·a)·(a·a·a·a)·(a·a·a·a) = a^12
Problem 10.1
• D-H: p = 71, a = 7
a) A has X_A = 5, what is Y_A ?
b) B has X_B = 12, what is Y_B ?
c) What is the shared secret key ?
Problem 10.2
• D-H: p = 11, a = 2
a) Show that 2 is a primitive root.
b) Y_A = 9, what is X_A ?
c) Y_B = 3, what is the shared secret key ?
ElGamal
• Public-key system based on the same
algorithm as Diffie-Hellman:
– Again, all users agree on a common modulus
and base
– Each user chooses a private key X and
computes Y = a^X mod p
– Y is then published as the public key
ElGamal
• If A wants to send a message m to B:
– A looks up B’s public key Y_B
– A randomly chooses X_S and computes
S = Y_B^X_S mod p, Y_S = a^X_S mod p
– A encrypts m using the session key S
– A sends E_S(m) | Y_S to B
ElGamal
• If B wants to decrypt the message:
– B computes S = Y_S^X_B mod p
– B decrypts E_S(m) using the session key S
• Q: Why does it work?
– Both A and B are using the same key S
– A computed S = Y_B^X_S mod p = a^(X_B·X_S) mod p
– B computed S = Y_S^X_B mod p = a^(X_S·X_B) mod p
ElGamal
• How to encrypt message m with key S?
• In practice: any symmetric algorithm
would work (e.g. DES, AES, …)
• Original proposal: E_S(m) = S·m mod p
→ intended for m = key
Problem 10.5
• ElGamal: p = 71, a = 7
a) B has Y_B = 3, k = 2, m = 30,
what is the ciphertext sent to B ?
b) A chooses different X_S so that Y_S = 59,
what is now the ciphertext of m = 30 ?
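
Added example (not part of the original slides): the ElGamal send and decrypt steps from the slides above, using the original proposal E_S(m) = S·m mod p and the Diffie-Hellman numbers p = 83, a = 2, X_B = 66, X_S = 21 from the first slides. The function names and the message m = 5 are assumptions made for this example; the sizes are toy values.

```python
# Added example: toy ElGamal with the original multiplicative encryption
# E_S(m) = S*m mod p. Function names and m = 5 are assumptions.

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy n)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(a, p):
    """True if a, a^2, ..., a^(p-1) mod p are all different (p prime)."""
    return all(pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def public_key(a, p, x):
    """Y = a^X mod p for private key X."""
    return pow(a, x, p)

def encrypt(m, y_b, x_s, a, p):
    """Return (E_S(m), Y_S) for the recipient's public key y_b."""
    if not 1 <= m < p:
        raise ValueError("m must satisfy 1 <= m < p, or it cannot be recovered")
    s = pow(y_b, x_s, p)          # session key S = Y_B^X_S mod p
    return (s * m) % p, pow(a, x_s, p)

def decrypt(c, y_s, x_b, p):
    """Recover m from E_S(m) and Y_S using the private key x_b."""
    s = pow(y_s, x_b, p)          # same S = Y_S^X_B mod p
    s_inv = pow(s, p - 2, p)      # inverse of S mod p (Fermat, p prime)
    return (c * s_inv) % p

if __name__ == "__main__":
    p, a = 83, 2                  # modulus and base from the first slide
    x_b, x_s = 66, 21             # B's private key, A's per-message secret
    y_b = public_key(a, p, x_b)
    c, y_s = encrypt(5, y_b, x_s, a, p)    # m = 5 is a constructed value
    print(is_primitive_root(a, p), y_b, (c, y_s), decrypt(c, y_s, x_b, p))
```

The range check in `encrypt` matters because the multiplication is done mod p: m = 0 always encrypts to 0, and any m ≥ p decrypts to m mod p instead of m.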