• Public-key distribution scheme: (What is it??)
  
  • It Cannot be used to exchange an arbitrary message
  • It rather it can establish a common key
  • Its known only to the two participants
• The Diffie-Hellman public key algorithm was the first public-key distribution algorithm developed.
• It allows two users to securely exchange a key that can be used for subsequent encryption of messages.
• The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

The steps taken in the key-sharing process is given below:

• Initially, we need to define two global parameters q and a. These two parameters need to be mutually agreed by both partners before transmission.
  • q – It should be a large prime integer
  • a – It should be primitive root mod q.
• Now, both the user generates their own secret key unknown to the opposite partner.
  • $x_A$ – Secret key generated by User A . ($x_A \lt q$)
  • $x_B$ – Secret Key generated by User B ($x_B \lt q$)
• Generate the public key using the secret key.
  • $y_A = a^{xA} mod q – User A$
  • $y_B = a^{xB} mod q – User B$
• Now publish this public key i.e. send this public key User A $rigtharrow$ User B & User B $rigtharrow$ Users A
• Using the public keys of their partners, the User now computes the Session Key:
  • $K_{AB}= y_B^{xA}$ mod q – the session key computed by User A using B’s public key.
  • $K_{AB}= y_A^{xB}$ mod q – the session key computed by User B using A’s public key.
  • Both these values will be SAME.
  • Now when A and B starts communicating, they will be sending messages encrypted by this secret session key known only to A and B.

The drawbacks of this algorithm are:

• Can be used only for key-exchange and not for encypting.
• The exponential operation is very expensive.
• Vulnerable to DoS attack..
• No authentication feature; so we cannot sign any message to verify the authenticity. A Man-In-Middle attack is an example of such incident where signature is required.