0
3.1kviews
Explain how a key is shared between two parties using Diffie-Hellman by exchange algorithm. What is the drawback of this algorithm?
1 Answer
0
49views
  • Public-key distribution scheme: (What is it??)
    • It Cannot be used to exchange an arbitrary message
    • It rather it can establish a common key
    • Its known only to the two participants
  • The Diffie-Hellman public key algorithm was the first public-key distribution algorithm developed.
  • It allows two users to securely exchange a key that can be used for subsequent encryption of messages.
  • The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

The steps taken in the key-sharing process is given below:

  • Initially, we need to define two global parameters q and a. These two parameters need to be mutually agreed by both partners before transmission.
    • q – It should be a large prime integer
    • a – It should be primitive root mod q.
  • Now, both the user generates their own secret key unknown to the opposite partner.
    • $x_A$ – Secret key generated by User A . ($x_A \lt q$)
    • $x_B$ – Secret Key generated by User B ($x_B \lt q$)
  • Generate the public key using the secret key.
    • $y_A = a^{xA} mod q – User A$
    • $y_B = a^{xB} mod q – User B$
  • Now publish this public key i.e. send this public key User A $rigtharrow$ User B & User B $rigtharrow$ Users A
  • Using the public keys of their partners, the User now computes the Session Key:
    • $K_{AB}= y_B^{xA}$ mod q – the session key computed by User A using B’s public key.
    • $K_{AB}= y_A^{xB}$ mod q – the session key computed by User B using A’s public key.
    • Both these values will be SAME.
    • Now when A and B starts communicating, they will be sending messages encrypted by this secret session key known only to A and B.

The drawbacks of this algorithm are:

  • Can be used only for key-exchange and not for encypting.
  • The exponential operation is very expensive.
  • Vulnerable to DoS attack..
  • No authentication feature; so we cannot sign any message to verify the authenticity. A Man-In-Middle attack is an example of such incident where signature is required.
Please log in to add an answer.