140 likes | 489 Views
Diffie-Hellman / ElGamal. 157.357, Tutorial 6 Henning Koehler. Diffie-Hellman. Diffie-Hellman key exchange: Common modulus and base: p = 83, a = 2 (a, a 2 ,…, a p-1 mod p are all different…) Secrets X A = 21, X B = 66 A generates Y A = 2 21 mod 83 = 74
E N D
Diffie-Hellman / ElGamal 157.357, Tutorial 6 Henning Koehler
Diffie-Hellman • Diffie-Hellman key exchange: • Common modulus and base: p = 83, a = 2 (a, a2,…, ap-1 mod p are all different…) • Secrets XA = 21, XB = 66 • A generates YA = 221 mod 83 = 74 • B generates YB = 266 mod 83 = 61 • A and B openly exchange YA and YB
Diffie-Hellman • A knows XA = 21 and YB = 61 calulates YBXA = 6121 mod 83 = 12 • B knows XB = 66 and YA = 74 calulates YAXB = 7466 mod 83 = 12 • A and B now share secret “12” • An attacker knows YA and YB • No (efficient) way known to find secret
Diffie-Hellman • Q: Why does it work? • A: Exponentiation order does not matter! • A computes YBXA = (aXB)XA = aXB·XA (mod p) • B computes YAXB = (aXA)XB = aXA·XB (mod p) • e.g. (a3)4 = (a·a·a)·(a·a·a)·(a·a·a)·(a·a·a) = a12 (a4)3 = (a·a·a·a)·(a·a·a·a)·(a·a·a·a) = a12
Problem 10.1 • D-H: p = 71, a = 7 a) A has XA = 5, what is YA ? b) B has XB = 12, what is YB ? c) What is the shared secret key ?
Problem 10.2 • D-H: p = 11, a = 2 a) Show that 2 is a primitive root. b) YA = 9, what is XA ? c) YB = 3, what is the shared secret key ?
ElGamal • Public-key system based on the same algorithm as Diffie-Hellman: • Again, all users agree on a common modulo and base • Each user chooses a private key X and computes Y = aX mod p • Y is then published as the public key
ElGamal • If A wants to send a message m to B: • A looks up B’s public key YB • A randomly chooses XS and computes S = YBXS mod p, YS = aXS mod p • A encrypts m using the session key S • A sends ES(m) | YS to B
ElGamal • If B wants to decrypt the message: • B computes S = YSXB mod p • B decrypts ES(m) using the session key S • Q: Why does it work? • Both A and B are using the same key S • A computed S = YBXS mod p = aXB·XS mod p • B computed S = YSXB mod p = aXS·XB mod p
ElGamal • How to encrypt message m with key S? • In practice: any symmetrical algorithm would work (e.g. DES, AES, …) • Original proposal: ES(m) = S·m mod p intended for m = key
Problem 10.5 • ElGamal: p = 71, a = 7 a) B has YB = 3, k = 2, m = 30, what is the ciphertext sent to B ? b) A chooses different XS so that YS = 59, what is now the ciphertext of m = 30 ?