- Public-key distribution scheme (what is it?):
- It cannot be used to exchange an arbitrary message.
- Rather, it can establish a common key.
- That key is known only to the two participants.
- The Diffie-Hellman public key algorithm was the first public-key distribution algorithm developed.
- It allows two users to securely exchange a key that can be used for subsequent encryption of messages.
- The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.
The steps taken in the key-sharing process are given below:
- Initially, we need to define two global parameters q and a. These two parameters need to be agreed on by both partners before transmission.
- q – It should be a large prime integer
- a – It should be a primitive root mod q.
- Now, each user generates their own secret key, unknown to the other partner.
- $x_A$ – Secret key generated by User A ($x_A \lt q$)
- $x_B$ – Secret key generated by User B ($x_B \lt q$)
- Generate the public key using the secret key.
- $y_A = a^{x_A} \bmod q$ – User A
- $y_B = a^{x_B} \bmod q$ – User B
- Now publish this public key, i.e. send the public keys User A $\rightarrow$ User B and User B $\rightarrow$ User A.
- Using the public key of their partner, each user now computes the session key:
- $K_{AB} = y_B^{x_A} \bmod q$ – the session key computed by User A using B's public key.
- $K_{AB} = y_A^{x_B} \bmod q$ – the session key computed by User B using A's public key.
- Both these values will be the same, because each equals $a^{x_A x_B} \bmod q$.
- Now when A and B start communicating, they will be sending messages encrypted with this secret session key known only to A and B.
The drawbacks of this algorithm are:
- Can be used only for key exchange and not for encrypting.
- The exponential operation is very expensive.
- Vulnerable to DoS attack.
- No authentication feature, so we cannot sign any message to verify its authenticity. A man-in-the-middle attack is an example of an incident where a signature is required.
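
The key-sharing steps and the missing-authentication drawback, run end to end as an added example (not part of the original notes). The toy parameters q = 353 and a = 3, the function names, and the `in_transit` hook that stands in for the network are assumptions made here; a real q is thousands of bits long.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors by trial division (fine for a toy modulus)."""
    out, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            out.add(p)
            n //= p
        p += 1
    if n > 1:
        out.add(n)
    return out

def check_params(q, a):
    """Step 1: q must be prime and a must be a primitive root mod q."""
    if q < 5 or prime_factors(q) != {q}:
        raise ValueError("q is not a suitable prime")
    # a generates the whole group iff a^((q-1)/p) != 1 for every prime p | q-1
    if not 1 < a < q or any(pow(a, (q - 1) // p, q) == 1 for p in prime_factors(q - 1)):
        raise ValueError("a is not a primitive root mod q")

def keypair(q, a, x=None):
    """Steps 2-3: secret x < q and public y = a^x mod q."""
    while x is None or pow(a, x, q) == q - 1:  # re-draw if y would be q-1
        x = secrets.randbelow(q - 3) + 2       # 2 <= x <= q-2
    return x, pow(a, x, q)

def session_key(peer_y, x, q):
    """Step 5: K = peer_y^x mod q, after rejecting degenerate public keys."""
    if not 1 < peer_y < q - 1:
        raise ValueError("public key out of range")
    return pow(peer_y, x, q)

def exchange(q, a, x_a=None, x_b=None, in_transit=lambda y: y):
    """Run the whole exchange; in_transit models the unauthenticated channel."""
    check_params(q, a)
    xa, ya = keypair(q, a, x_a)
    xb, yb = keypair(q, a, x_b)
    k_a = session_key(in_transit(yb), xa, q)   # A uses what it received as y_B
    k_b = session_key(in_transit(ya), xb, q)   # B uses what it received as y_A
    return k_a, k_b

if __name__ == "__main__":
    Q, A = 353, 3                              # constructed toy parameters
    print(exchange(Q, A, 97, 233))             # both sides agree
    # A value replaced on the wire is accepted silently: the keys just differ.
    print(exchange(Q, A, 97, 233, in_transit=lambda y: pow(A, 5, Q)))
```

The range check in `session_key` rejects only degenerate values; it cannot tell whose public key arrived, which is why the published keys need a signature or another form of authentication.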