Future of the Diffie-Hellman key
advertisement
Eesti Infotehnoloogia Kolledž Diffie-Hellman key exchange Essay Sandra Netšajeva Tallinn 2009 Table of contents Introduction .......................................................................................................................................... 3 History.................................................................................................................................................. 5 Diffie, Hellman and Merkle ................................................................................................................. 5 Encrypting with Public Key ................................................................................................................. 6 Overview of the Diffie-Hellman Algorithm ......................................................................................... 7 Algorithm ............................................................................................................................................. 9 Protocol in action ................................................................................................................................. 9 Vulnerabilities .................................................................................................................................... 11 Usage of Diffie-Hellman .................................................................................................................... 12 DHP – Diffie-Hellman problem ......................................................................................................... 12 Digital Signature ................................................................................................................................ 13 Future of the Diffie-Hellman key-exchange ...................................................................................... 15 ECDH – Elliptic curve Diffie-Hellman .............................................................................................. 15 Conclusion ......................................................................................................................................... 17 References .......................................................................................................................................... 18 Introduction Cryptography is a science with history that is as old as the human's knowledge of writing. The earliest known use of cryptography is a carved hypertext on stone in ancient Egypt (ca 1900 BCE) and a collection of bakery recipes from Mesopotamia. That means, that there always was a necessity to hide important information, to make it readable only for a certain circle of people. The earliest forms of secret writing required little more than pen and paper, as most people could not read. The main classical cipher types were transposition ciphers, which rearranged the order of letters in a message, and substitution ciphers, which systematically replaced letters or groups of letters with other letters or groups of letters. But times passed and ciphers had to become more and more complex to satisfy a growing need to preserve data. The new cryptographic era began slightly after the World War II – the strong incentive to invent new types of ciphers and cipher machines. The development of digital computers made possible much more secure ciphers. Furthermore, computers were able to encrypt any type of data represented in any binary format, unlike classical ciphers which only encrypted written language texts. Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. But usage of computers brought out new difficulties. The important part of encrypting and decrypting a cipher is knowing a key – a parameter that determines the functional output of a cipher. Without a key, the algorithm would have no result. A key specifies the transformation of plaintext into cyphertext, or vice versa during decryption. Now it was possible to create a secure cipher and send it to the recipient without one to one meeting, without using an extra-safe channel. However, there still was no way to safely send the key – if it got to the eavesdroppers hands, data was easily decrypted. The situation changed in a groundbreaking year 1976 when Whitfield Diffie and Martin Hellman published a paper where they proposed the notion of public-key cryptography in which two different but mathematically related keys are used — a public key and a private key. A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. Diffie and Hellman published the first public-key algorithm known as a “Diffie-Hellman key exchange” the same year, finally making exchange of the keys real and secure. This work on Diffie-Hellman key-exchange is a many-sided overview of the protocol, it's history and mathematical explanation, including a survey on it's vulnerabilities and secureness. I consider it important to explain what encrypting with public key is to make the way Diffie-Hellman algorithm works more understandable. This paper also includes a brief explanation of digital signature scheme as a related cryptographic model, whose invention was based on a Diffie-Hellman key exchange and a possible future of the protocol. History Diffie, Hellman and Merkle The first researchers to discover and publish the concepts of Public Key Cryptology were Whitfield Diffie and Martin Hellman from Stanford University, and Ralph Merkle from the University of California at Berkeley [illustration 1]. As so often happens in the scientific world, the two groups were working independently on the same problem -- Diffie and Hellman on public key cryptography and Merkle on public key distribution -- when they became aware of each other's work and realized there was synergy in their approaches. In Hellman's words: "We each had a key part of the puzzle and while it's true one of us first said X, and another of us first said Y, and so on, it was the combination and the back and forth between us that allowed the discovery." Illustration 1: Ralph Merkle, Martin Hellman, Whitfield Diffie (1977) (c) Chuck Painter/Stanford News Service The first published work on Public Key Cryptography was in a groundbreaking paper by Whitfield Diffie and Martin Hellman titled "New Directions in Cryptography" in the November, 1976 edition of IEEE Transactions on Information Theory, and which also referenced Merkle's work. The paper described the key concepts of Public Key Cryptography, including the production of digital signatures, and gave some example algorithms for implementation. This paper revolutionized the world of cryptography research, which had been somewhat restrained up to that point by real and perceived Government restrictions, and galvanized dozens of researchers around the world to work on practical implementations of a public key cryptography algorithm. Diffie, Hellman, and Merkle later obtained patent number 4,200,770 on their method for secure public key exchange.[12] Encrypting with Public Key Before it is possible to talk about Diffie-Hellman algorithm, the meaning of the term “Public Key” should be explained. The data transferred from one system to another over public network can be protected by the method of encryption. During encryption the data is encrypted by special algorithm using the ‘key’. Only those users who have an access to the same ‘key’ can decrypt the encrypted data. This method is known as private key or symmetric key cryptography. There are several standard symmetric key algorithms defined. Examples are AES, 3DES and more. The defined symmetric algorithms are proven to be highly secured and time tested, but there still is one major difficulty - the key exchange. The communicating parties require a shared secret, ‘key’, to be exchanged between them to have a secured communication. The security of the symmetric key algorithm depends on the secrecy of the key. Keys are typically hundreds of bits long, depending on the algorithm used. Since there may be a large number of intermediate points between the communicating parties through which the data passes, these keys can't be exchanged online in a secured manner. In a large network, where there are hundreds of systems connected, offline key exchange seems too difficult and sometimes even unrealistic. This is where public key cryptography comes to help. Using public key algorithm a shared secret can be established online between communicating parties without exchanging any secret data. In public key cryptography each user or the device taking part in the communication has a pair of keys, a public key and a private key, and a set of operations associated with the keys - to produce the cryptographic operations. Only the particular user/device knows the private key whereas the public key is distributed to all users/devices taking part in the communication. Since the knowledge of public key does not compromise the security of the algorithms, it can be easily exchanged online without danger of losing any important data. A shared secret can be established between two communicating parties online by exchanging only public keys and public constants if any. Any third party who has access to the exchanged public information will not be able to calculate the shared secret unless it has access to the private key of any of the communicating parties. In public key cryptography, keys and messages are expressed numerically and the operations are expressed mathematically. The private and public key of a device is related by the mathematical function called the one-way function. One-way functions are mathematical functions in which the forward operation can be done easily but the reverse operation is so difficult that it is practically impossible. In public key cryptography the public key is calculated using private key on the forward operation of the one-way function. Obtaining of private key from the public key is a reverse operation. If the reverse operation can be done easily, that is if the private key is obtained from the public key and other public data, then the public key algorithm for the particular key is cracked. The reverse operation gets difficult as the key size increases. The public key algorithms operate on sufficiently large numbers to make the reverse operation practically impossible and thus make the system secure. [4] There are two ways of encrypting using a public key: the distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s. In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.[5] Symmetric-key algorithms are generally much less computationally intensive than asymmetric key algorithms. In practice, asymmetric key algorithms are typically hundreds to thousands times slower than symmetric key algorithms. Overview of the Diffie-Hellman Algorithm Diffie–Hellman key exchange (D–H) is a cryptographic that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. Synonyms of Diffie–Hellman key exchange include [8]: Diffie–Hellman key agreement Diffie–Hellman key establishment Diffie–Hellman key negotiation Exponential key exchange Diffie–Hellman protocol The Diffie-Hellman key agreement was invented in 1976 during a collaboration between Whitfield Diffie and Martin Hellman and was the first practical method for establishing a shared secret over an unprotected communications channel. Ralph Merkle's work on public key distribution was an influence. The method was followed shortly afterwards by RSA another implementation of public key cryptography using assymetric algorithms. In 2002, Martin Hellman wrote: The system...has since become known as Diffie-Hellman key exchange. While that system was first described in a paper by Diffie and me, it is a public key distribution system, a concept developed by Merkle, and hence should be called 'Diffie-HellmanMerkle key exchange' if names are to be associated with it. I hope this small pulpit might help in that endeavor to recognize Merkle's equal contribution to the invention of public key cryptography.[10] US Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.[8] Algorithm Protocol in action Diffie-Hellman is not an encryption mechanism as we normally think of them in that we do not typically use it to encrypt data. Instead, it is a protocol to securely exchange the keys that encrypt data. Diffie-Hellman accomplishes this secure exchange by creating a “shared secret” (sometimes called a “Key Encryption Key” or KEK) between two devices. The shared secret then encrypts the symmetric key for secure transmittal. The symmetric key is sometimes called a Traffic Encryption Key (TEK) or Data Encryption Key (DEK). Therefore, the KEK provides for secure delivery of the TEK, while the TEK provides for secure delivery of the data itself. [9] The protocol has two system parameters p and g. They are both public and may be used by all the users in a system. Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, with the following property: for every number n between 1 and p-1 inclusive, there is a power k of g such that n = gk mod p. [6] To make a more simple description we shall imagine two people – Alice and Bob[7] who want to securely exchange data. Suppose Alice and Bob want to agree on a shared secret key using the Diffie-Hellman key agreement protocol. They proceed as follows: Alice and Bob agree on a finite cyclic group G and a generating element g in G. (This is usually done long before the rest of the protocol; g is assumed to be known by all attackers). First, Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers . Then they derive their public values using parameters p and g and their private values. Alice's public value is ga mod p and Bob's public value is gb mod p. They then exchange their public values. Finally, Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p. Since gab = gba = k, Alice and Bob now have a shared secret key k. [6] The important point is that the two values generated are identical. They are the “Shared Secret” that can encrypt information between systems [illustration 2]. Illustration 2: Diffie-Hellman key exchange Here is an example of the protocol, with non-secret values in green, and secret values in boldface red: 1. Alice and Bob agree to use a prime number p=23 and base g=5. 2. Alice chooses a secret integer a=6, then sends Bob A = ga mod p A = 56 mod 23 = 8. 3. Bob chooses a secret integer b=15, then sends Alice B = gb mod p B = 515 mod 23 = 19. 4. Alice computes s = B a mod p 196 mod 23 = 2. 5. Bob computes s = A b mod p 815 mod 23 = 2. [8] At this point, the Diffie-Hellman operation could be considered complete. The shared secret is a cryptographic key that could encrypt traffic. That is very rare however because the shared secret is an asymmetric key. As with all asymmetric key systems, it is inherently slow. If the two sides are passing very little traffic, the shared secret may encrypt actual data. Any attempt at bulk traffic encryption requires a symmetric key system such as DES, Triple DES, or Advanced Encryption Standard (AES), etc. In most real applications of the Diffie-Hellman protocol (SSL, TLS, SSH, and IPSec in particular), the shared secret encrypts a symmetric key for one of the symmetric algorithms, transmits it securely, and the distant end decrypts it with the shared secret. Because the symmetric key is a relatively short value (256 bits for example) as compared to bulk data, the shared secret can encrypt and decrypt it very quickly. Which side of the communication actually generates and transmits the symmetric key varies. However, it is most common for the initiator of the communication to be the one that transmits the key. [9] Once secure exchange of the symmetric key is complete, data encryption and secure communication can occur. Changing the symmetric key for increased security is simple at this point. The longer a symmetric key is in use, the easier it is to perform a successful cryptanalytic attack against it. Therefore, changing keys frequently is important. Both sides of the communication still have the shared secret and it can be used to encrypt future keys at any time and any frequency desired. In some IPSec implementations for example, it is not uncommon for a new symmetric Data Encryption Key to be generated and shared every 60 seconds. [9] The protocol depends on the discrete logarithm problem for its security. It assumes that it is computationally infeasible to calculate the shared secret key k = gab mod p given the two public values ga mod p and gb mod p when the prime p is sufficiently large. It is stated that breaking the Diffie-Hellman protocol is equivalent to computing discrete logarithms under certain assumptions.[6] Vulnerabilities The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack (MIM). In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants. Possible solutions include the use of digital signatures and other protocol variants. [6] It should be difficult for Alice to solve for Bob's private key or for Bob to solve for Alice's private key. If it isn't difficult for Alice to solve for Bob's private key (or vice versa), Carol may simply substitute her own private / public key pair, use Bob's public key with her private key, produce a fake shared secret key, and solve for Bob's private key (and use that to solve for the shared secret).[8] The authenticated Diffie-Hellman key agreement protocol, or Station-to-Station (STS) protocol, was developed by Diffie, van Oorschot, and Wiener in 1992 to defeat the man-in-the-middle attack on the Diffie-Hellman key agreement protocol. The immunity is achieved by allowing the two parties to authenticate themselves to each other by the use of digital signatures and public-key certificates. Roughly speaking, the basic idea is as follows. Prior to execution of the protocol, the two parties Alice and Bob each obtain a public/private key pair and a certificate for the public key. During the protocol, Alice computes a signature on certain messages, covering the public value ga mod p. Bob proceeds in a similar way. Even though Carol is still able to intercept messages between Alice and Bob, she cannot forge signatures without Alice's private key and Bob's private key. Hence, the enhanced protocol defeats the man-in-the-middle attack.[6] Usage of Diffie-Hellman Unlike RSA and DSS, Diffie-Hellman is used in interactive transactions, rather than a batch transfer from a sender to a receiver. Diffie-Hellman is commonly used when you encrypt data on the Web using either SSL or TLS and in VPN (Secure Socket Layer, Transport Layer Security and Virtual Private Networks respectively). [9][1] DHP – Diffie-Hellman problem The Diffie-Hellman problem is a golden mine for cryptographic purposes and is more and more studied. This problem is closely related to the difficult of computing the discrete logarithm problem over a cyclic group. It was first proposed by Whitfield Diffie and Martin Hellman. The DHP is a problem that is believed to be difficult to do, hence the security of many cryptographic protocols reduces to the DHP[2][3]. If someone were to discover an easy solution to the DHP, it would cast serious doubt on the security of these cryptographic protocols, and in fact many protocols would be easily broken. Understanding the difficulty of the DHP is a very important concept in modern cryptography. It is widely conjectured that Diffie-Hellman can be broken using a code-breaking quantum computer at approximately the same speed as Diffie-Hellman can be run on a classical computer using integer factorization algorithm. For example data encrypted using Diffie-Hellman-2048 recorded today may be rapidly decrypted by a party with a code-breaking quantum computer at a later time.[13] Digital Signature In the original description, the Diffie–Hellman exchange by itself does not provide authentication of the communicating parties so, a method to authenticate the communicating parties to each other is generally needed to prevent most common attacks. A variety of cryptographic authentication solutions incorporate a Diffie–Hellman exchange. When Alice and Bob have a public key infrastructure, they may digitally sign the agreed key. When Alice and Bob share a password, they may use a password-authenticated key agreement form of Diffie– Hellman, such as the one described in ITU-T Recommendation X.1035, which is used by the G.hn home networking standard. This mathematical scheme for demonstrating the authenticity of a digital message or document is called a digital signature or digital signature scheme. It was first described by Whitfield Diffie and Martin Hellman in 1976 along with the Diffie-Hellman protocol, although they only conjectured that such schemes existed. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm that could be used for primitive digital signatures. (Note that this just serves as a proof-of-concept, and "plain" RSA signatures are not secure.) The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.[11] Business runs on signatures, and until electronic communications can provide an equivalent of the written signature, it cannot fully replace the physical transportation of documents, letters, contracts, etc. Current digital authenticators are letter or number sequences that are appended to the end of a message as a crude form of signature. By encrypting the message and authenticator with a conventional cryptographic system, the authenticator can be hidden from prying eyes. It therefore prevents third-party forgeries. But because the authentication information is shared by the sender and receiver, it cannot settle disputes as to what message, if any, was sent. The receiver can give the authentication information to a friend and ask him to send a signed message of the receiver’s choosing. The legitimate sender of messages will of course deny having sent this message, but there is no way to tell whether the sender or receiver is lying. The whole concept of a contract is embedded in the possibility of such disputes, so stronger protection is needed. A true digital signature must be a number (so it can be sent in electronic form) that is easily recognized by the receiver as validating the particular message received, but which could only have been generated by the sender. It may seem impossible for the receiver to be able to recognize a number that he cannot generate, but such is not the case. [10] The disadvantage of digital signatures is that the ability to sign is equivalent to possession of a secret key. This key will probably be stored on a magnetic card which, unlike the ability to sign one’s name, can be stolen. Future of the Diffie-Hellman key-exchange The cryptographic security standards used in public-key infrastructures, RSA and Diffie-Hellman, were introduced in the 1970s. And although they haven't been cracked, their time could be running out. That's one reason the National Security Agency wants to move to elliptic-curve cryptography (ECC) for cybersecurity. ECC, a complex mathematical algorithm used to secure data in transit, may replace Diffie-Hellman because it can provide much greater security at a smaller key size. ECC takes less computational time and can be used to secure information on smaller machines, including cell phones, smart cards and wireless devices. Although Diffie-Hellman is a public-key algorithm, experts say it don't scale well for the future. At this point it is stated that Diffie-Hellman keys shorter than 900 bits are not secure enough. To make Diffie-Hellman keys, which now can go to 1,024 bits, secure for the next 10 to 20 years, organizations would have to expand to key lengths of at least 2,048 bits, according to Stephen Kent, chief scientist at BBN Technologies. Eventually, key sizes would need to expand to 4,096 bits. Scientists from the NIST's security technology group assume, that it is highly possible, that DiffieHellman will be broken within a decade or so. [14] ECDH – Elliptic curve Diffie-Hellman ECDH is a relatively new key agreement algorithm based on Diffie-Hellman but using the ellipticcurve cryptography. Elliptic key operates on smaller key size. A 160-bit key in ECC is considered to be as secured as a 1024 bit key in Diffie-Hellman. For generating a shared secret between A and B using ECDH, both have to agree up on Elliptic Curve domain parameters - certain public constants that are shared between parties involved in secured and trusted ECC communication. This includes curve parameter a, b, a generator point G in the chosen curve, the modulus p, order of the curve n and the cofactor h. There are several standard domain parameters defined by SEC, Standards for Efficient Cryptography[4] . For establishing shared secret between two device A and B 1. Let dA and dB be the private key of device A and B respectively, Private keys are random number less than n, where n is a domain parameter. 2. Let QA = dA*G and QB = dB*G be the public key of device A and B respectively, G is a domain parameter 3. A and B exchanged their public keys 4. The end A computes K = (xK, yK) = dA*QB 5. The end B computes L = (xL, yL) = dB*QA 6. Since K=L, shared secret is chosen as xK To prove the agreed shared secret K and L at both devices A and B are the same From 2, 4 and 5 K = dA*QB = dA*(dB*G) = (dB*dA)*G = dB*(dA*G) = dB*QA = L Hence K = L, therefore xK = xL Since it is practically impossible to find the private key dA or dB from the public key QA or QB, its not possible to obtain the shared secret for a third party. [4] The protocol is secure because nothing is disclosed (except for the public keys, which are not secret), and no party can derive the private key of the other unless it can solve the Elliptic Curve Discrete Logarithm Problem. The public keys are either static (and trusted, say via a certificate) or ephemeral. Ephemeral keys are not necessarily authenticated, so if authentication is wanted, it has to be obtained by other means. Static public keys provide neither forward secrecy nor key-compromise impersonation resilience, among other advanced security properties. Holders of static private keys should validate the other public key, and should apply a secure key derivation function to the raw Diffie–Hellman shared secret to avoid leaking information about the static private key.[15] Elliptic curve Diffie-Hellman can possibly become one of the most used algorithm in the close future, providing us all needed encryption security for at least next ten years. Conclusion In conclusion, it would seem logical to once again emphasize the importance of Diffie-Hellman key exchange in modern cryptography. This was a big breakthrough in science of data safety, that moved encryption security further than it was possible to imagine. Now two parties were able to exchange encrypted data without giving an eavesdropper a chance. The new partition in cryptography was created - named a public key cryptography. Instead of one key it uses two – a public key and a private key: one is used to encrypt and another one to decrypt, one is known to everyone, another is kept in secret. Diffie-Hellman protocol allows two parties to create a shared secret using a mathematical function, but it is impossible for eavesdropper to calculate it because of the hardness of calculating a discrete logarithm. But it is necessary to periodically increase the size of the key because of the machine's evolution and constant growth of power – once it was possible to use a 512-bits long key, but now they are considered insecure. In year 2009 1024-bit DiffieHellman keys are used, but it is highly possible that in a few years we will have to move to a longer keys. There are a lot of programs that use Diffie-Hellman and different methods that are based on it. For example digital signature works like a reversed Diffie-Hellman algorithm – you encrypt your data with a private key and others may examine it's authenticity using a public key. Diffie-Hellman key exchange is a rare phenomena in computers history. It was created more than 30 years ago but is still widely used with just minor improvements. This is really a solid term. While writing this work my view on the cryptography has changed. I see it as a much more complex and interesting field, understand different methods and acknowledge different problems. I used several sources to put the body of this paper together. My interest on Diffie-Hellman was born during the Data Security and Cryptology lectures in college, I got my first information on this subject from my teacher Valdo Praust. I visited the homepage of Diffie-Hellman (1) and read multiple articles (4, 6, 12) – they all gave a little different view on the topic. I questioned using Wikipedia as a source, because it presented an already reviewed information. But dates Wikipedia articles were lastly rewritten decided it – they were all made in last two months and I considered using fresh information really important. I also studied a few surveys on different Diffie-Hellman subjects (2, 10), which were created in early 2000-s. This gave me a good example on what sides of this topic are still important and haven't changed through years. Indisputably, Diffie-Hellman key exchange has a very important place in modern cryptography, and even when the science moves on it is still needed and used. References 1. Diffie Hellman Encryption Algorithm, (2009). Diffie Hellman Encryption Overview. [http://www.diffiehellman.com/overview.html] 2. Feng Bao. Robert Deng, Huafei Zhu, (2002). Variations of Diffie-Hellman Problem. [http://icsd.i2r.astar.edu.sg/publications/Baofeng_2003_Variations%20of%20Diffie%20Hellman%20proble ms.pdf] 3. Wikipedia, (2009, October 23). Diffie-Hellman problem. [http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_problem] 4. Anoop M.S., (2009, November 15). Public Key Cryptography - Applications Algorithms and Mathematical Explanations. [http://www.dkrypt.com/home/pkcs] 5. Wikipedia (2009, November 12). Public-Key Cryptography. [http://en.wikipedia.org/wiki/Public-key_cryptography] 6. RSA Laboratories, (2009). What is Diffie-Hellman? [http://www.rsa.com/rsalabs/node.asp?id=2248#] 7. Wikipedia, (2009, November 12). Alice and Bob [http://en.wikipedia.org/wiki/Alice_and_Bob] 8. Wikipedia, (2009, November 15). Diffie-Hellman key exchange [http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange] 9. Keith Palmgren, CISSP (2006, August). Diffie-Hellman Key Exchange – A NonMathematician’s Explanation [http://www.netip.com/articles/keith/diffie-helman.htm] 10. Hellman M. (2002, May). An Overview of Public Key Cryptology [http://www.comsoc.org/livepubs/ci1/public/anniv/pdfs/hellman.pdf] 11. Wikipedia, (2009, November 18). Digital signature [http://en.wikipedia.org/wiki/Digital_signature#cite_note-lysythesis-5] 12. Stewards B. Living Internet: Public Key Cryptography, (PKC) History [http://www.livinginternet.com/i/is_crypt_pkc_inv.htm#diffie] 13. Synaptic Laboratories Ltd, (2009, January 4). Bibliography: Diffie-Hellman-Merkle (D&H) [http://synaptic-labs.com/resources/security-bibliography/53-asymmetric-key-exchanges- classical/149-bib-diffie-hellman-merkle-dah.html] 14. Hickey, K. Government computer news, (2007, Aug 03). Encrypting the future [http://www.gcn.com/Articles/2007/08/03/Encrypting-the-future.aspx?Page=1] 15. Wikipedia, (2009, October 23). Elliptic curve Diffie–Hellman [http://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman]
