Diffie-Hellman key exchange
Diffie-Hellman key exchange is a cryptographic protocol that allows two parties to agree on a secret key over an insecure communication channel. Once the shared secret key has been established, they can use it to encrypt their communication using conventional symmetric cryptography. The algorithm was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been discovered a few years earlier within GCHQ, the British cryptography agency, by Malcolm Williamson. In 2002, Hellman suggested the algorithm should be called Diffie-Hellman-Merkle key exchange in recognition of Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).
Diffie-Hellman key exchange is used, in conjunction with several alternative authentication methods, in the IKE component of the IPSec protocol suite.
History of the protocol
Diffie-Hellman key exchange was invented in 1976 during a collaboration between Whitfield Diffie and Martin Hellman and was the first practical method for establishing a shared secret over an unprotected communications channel. Ralph Merkle's work on public key distribution was an influence. John Gill suggested application of the discrete logarithm problem. It had been discovered by Malcolm Williamson of GCHQ in the UK some years previously, but GCHQ chose not to make it public until 1997, by which time it had no influence on research.
The method was followed shortly afterwards by RSA, the first publicly announced implementation of public key cryptography using asymmetric algorithms.
In 2002, Martin Hellman wrote: "The system...has since become known as Diffie-Hellman key exchange. While that system was first described in a paper by Diffie and me, it is a public key distribution system, a concept developed by Merkle, and hence should be called 'Diffie-Hellman-Merkle key exchange' if names are to be associated with it. I hope this small pulpit might help in that endeavor to recognize Merkle's equal contribution to the invention of public key cryptography." [1]
U.S. Patent #4,200,700, now expired, covers the algorithm and credits Hellman, Diffie, and Merkle as inventors.
Description
The protocol is as follows:
Because the group in which the arithmetic is done must be Abelian, both Alice and Bob are now in possession of the group element g^(ab) (see exponentiation), which can serve as the shared secret key.
The most commonly used group G is the multiplicative group of integers modulo a prime p (because all groups of prime order are cyclic and therefore Abelian), but the protocol works with any Abelian group in general.
Security
The protocol is considered secure against eavesdroppers if G and g are chosen properly: the eavesdropper ("Eve") finds it infeasible to compute the element g^(ab), because she would have to solve the Diffie-Hellman problem, which is related to discrete logarithms, in order to deduce a from g^a or b from g^b.
If Alice and Bob use random number generators whose outputs are not completely random but can be predicted to some extent, then Eve's task is much easier.
The protocol is vulnerable to the man-in-the-middle attack, in which the attacker is able to read and modify all messages between Alice and Bob. Workarounds exist, such as digitally signing each message, which is possible if Alice and Bob have a public key infrastructure.
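The exchange from the Description section and the eavesdropper's discrete-logarithm task from this section, as an added worked example that is not part of the original article. The `Party` class, the toy group (p = 23, g = 5, constructed for illustration; 5 generates the whole multiplicative group mod 23) and the SHA-256 key derivation are this example's own choices, not something the article specifies.

```python
import hashlib
import secrets
from typing import Optional

# Toy group, constructed for illustration only: 5 generates the full
# multiplicative group of integers modulo the prime 23. A real deployment
# uses a standardized group of 2048 bits or more, so that the discrete
# logarithm search below is infeasible instead of a 21-step loop.
P = 23
G = 5


class Party:
    """One side (Alice or Bob) of a Diffie-Hellman exchange over Z_p^*."""

    def __init__(self, p: int, g: int, private: Optional[int] = None) -> None:
        self.p, self.g = p, g
        # The private exponent comes from a CSPRNG; a predictable generator
        # would let an eavesdropper narrow the search for it (see Security).
        self.private = private if private is not None else 2 + secrets.randbelow(p - 3)
        self.public = pow(g, self.private, p)  # g^a (or g^b) mod p, sent in the clear

    def shared_secret(self, peer_public: int) -> int:
        """Return g^(ab) mod p after checking the peer's value is in range."""
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self.private, self.p)

    def shared_key(self, peer_public: int) -> bytes:
        """Hash the shared secret into a fixed-length symmetric key."""
        secret = self.shared_secret(peer_public)
        length = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(length, "big")).digest()


def brute_force_discrete_log(p: int, g: int, public: int) -> Optional[int]:
    """Eve's task: recover a from g^a mod p. Feasible only in a toy group."""
    for x in range(1, p - 1):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    alice, bob = Party(P, G), Party(P, G)
    # Each side derives the same key from only the other's public value.
    assert alice.shared_key(bob.public) == bob.shared_key(alice.public)
    # In this 23-element group Eve recovers Alice's exponent immediately.
    assert brute_force_discrete_log(P, G, alice.public) == alice.private
```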
References
- Cryptographic apparatus and method. Martin E. Hellman, Bailey W. Diffie, and Ralph C. Merkle, U.S. Patent #4,200,700, 29 April 1980.
- The First Ten Years of Public-Key Cryptography. Whitfield Diffie, Proceedings of the IEEE, vol. 76, no. 5, May 1988, pp. 560-577.
- An Overview of Public Key Cryptography. Martin E. Hellman, IEEE Communications Magazine, May 2002, pp. 42-49.