Tuesday, September 15, 2015

How does Diffie-Hellman Key Exchange Protocol work ?

Diffie - Hellman Key Exchange Protocol is a key agreement protocol that allows authenticated parties to exchange keying material across an insecure connection.

This protocol is significantly used in protocols like IPSec or SSL/TLS. Using this protocol, sending and receiving devices in the network shares public key.

To establish a secure connection over the unsecured internet, two hosts need to agree on a few parameters like the secret keys using which the data is encrypted and then transferred. The secret parameters cannot be transferred between the hosts as the attacker may eavesdrop them. So, both the hosts need to derive the secret parameters, without transferring the secret parameters themselves. And so, Diffie-Hellman Key Exchange Protocol is used.

How does Diffie-Hellman Key Exchange Protocol work ?

Let's first understand this in simple English.

  1. Let's assume, Alice and Bob wants to share a color between them secretly.
  2. The process begins by Alice and Bob agreeing on a common color, that need not be kept secret. Let's assume, that agreed on common color is yellow.
  3. Now, each of them selects a secret color, red and aqua respectively. This secret color they do not share with each other.
  4. Now, they mix up their respective secret colors with the common color yellow. So, Alice will get orange and Bob will get a yellow and blue mixture.
  5. Alice and Bob now share these mixed colors, orange and blue mixture, with each other publicly.
  6. Now, Alice and Bob should mix up the colors they received with their secret color. So, Alice will mix up aqua and red to get brown. And Bob will mix up orange and aqua to get brown.
  7. Hence, their agreed on secret color is brown. Please note that, it is impossible for any third party listening to their conversation to determine the common secret color.


In the original implementation of the protocol, multiplicative group of integers modulo a prime number is used.

Please note that, if p is a prime, g a primitive root of p, and a and b two secret integers here.

A = ga mod p
B = gb mod p

C = Ab mod p = Ba mod p = gab mod p

Here, p and g are analogous to agreed on common color yellow.
a and b are analogous to Alice' and Bob's secret color red and aqua respectively.
A and B are analogous to their mutually shared color, orange and blue mixture respectively.
And C is analogous to their secret common color brown.

So, that would mean :

  1. Alice will compute A = ga mod p and send g, p and A to Bob.
  2. Bob will compute B = gb mod p and send B to Alice.
  3. Alice will compute K = Bmod p
  4. Bob will compute K = Ab mod p
  5. Alice and Bob both have derived K without directly sending K to each other. So, even if an attacker eavesdrop the communication between Alice and Bob and grabs the value of A, B, g and p, it will be computationally infeasible for the attacker to derive the value of K
  6. Now, Alice and Bob are free to encrypt the data with the secret key K and transfer between them.

So, this is the basis of internet key exchange protocol !

No comments:

Post a Comment