Subject | Computer and Network Security |
---|---|

NU Year | Set: 4.(d) Marks: 6 Year: 2015 |

The Diffie-Hellmann key exchange is a secure method for exchanging cryptographic keys.

This method allows two parties which have no prior knowledge of each other to establish a shared, secret key, even over an insecure channel.

The concept uses multiplicative group of integers modulo, which without knowledge of the private keys of any of the parties, would present a mathematically overwhelming task to a code breaker.

Once Alice and Bob have agreed on *p* and *q* in private, they choose positive whole-number personal keys *a* and *b*, both less than the prime-number modulus *p*. Neither user divulges their personal key to anyone; ideally, they memorize these numbers and do not write them down or store them anywhere. Next, Alice and Bob compute public keys *a** and *b** based on their personal keys according to the formulas

*a** = *q ^{a}* mod

*p*

and

*b** = *q ^{b}* mod

*p*

The two users can share their public keys *a** and *b** over a communications medium assumed to be insecure, such as the Internet or a corporate wide area network (WAN). From these public keys, a number *x* can be generated by either user on the basis of their own personal keys. Alice computes *x* using the formula

*x* = (*b**)^{a} mod *p*

Bob computes *x* using the formula

*x* = (*a**)^{b} mod *p*

The value of *x* turns out to be the same according to either of the above two formulas. However, the personal keys *a* and *b*, which are critical in the calculation of *x*, have not been transmitted over a public medium. Because it is a large and apparently random number, a potential hacker has almost no chance of correctly guessing *x*, even with the help of a powerful computer to conduct millions of trials. The two users can therefore, in theory, communicate privately over a public medium with an encryption method of their choice using the decryption key *x*.