Indian Institute Of Information Technology, Tiruchirappalli
Course name: Principles of Cryptography
Course Code: CS531
Topic: Diffie Hellman Key Exchange Algorithm
Team members: 1. Simmi Raj
2. B. Nikitha
3. Keshav Tulsyan
Team member’s contribution
1. Simmi Raj - Introduction, Working
2. B. Nikitha - Applications, Advantages & disadvantages, Difference between
Diffie-Hellman Key Exchange and RSA
3. Keshav Tulsyan - Implementation and cryptanalysis
Diffie Hellman Key Exchange Algorithm
Introduction
● DH is one of the first practical implementations of asymmetric encryption or
public-key cryptography (PKC).
● It was published in 1976 by Whitfield Diffie and Martin Hellman. Other
contributors who are credited with developing DH include Ralph Merkle and
researchers within the United Kingdom’s intelligence services.
● The Diffie–Hellman key exchange method allows two parties that have no prior
knowledge of each other to jointly establish a shared secret key over an insecure
channel. This key can then be used to encrypt subsequent communications
using a symmetric-key cipher.
● DH enables the two to use a public key to encrypt and decrypt their conversation
or data using symmetric cryptography.
● It helps solve the problem of exchanging symmetric encryption keys without
compromising data integrity.
● Key transmitted over an insecure channel is intercepted by hackers, who can
then use the same key to decrypt the encrypted ciphertexts. The Diffie Hellman
algorithm solves this problem using one-way functions that enable only the
sender and receiver to decrypt the message using a secret key.
● One-way functions follow a type of algorithm where you can calculate an output
for every input. To better understand how this helps in the Diffie-Hellman
exchange, we can use color theory to realize its effectiveness.
Step 1: Let the two users choose a publicly accepted color they both agree to. They
must also decide on a private color which is to be kept as a secret.
Step 2: The private and public colors are mixed on each side to form a newly acquired
color mixture.
Step 3: They then exchange the mixture among the users over an insecure
communication channel, even though it may be open for hackers to intercept.
Step 4: The private colors are then mixed with the received mixture to finally acquire the
actual secret color (key).
As we notice, despite the critical exchange taking place over a channel with hackers
present, the malicious users received mixed colors, but not the secret key. Both users
can now encrypt their messages using the private key generated without fear of hackers
reading their conversations.
● DH uses the elliptic curve to generate points and get the secret key using the
parameters.
● For the sake of simplicity and practical implementation of the algorithm, we will
consider only 4 variables, one prime P and G (a primitive root of P) and two
private values a and b.
● P and G are both publicly available numbers. Users (say Alice and Bob) pick
private values a and b and they generate a key and exchange it publicly. The
opposite person receives the key and that generates a secret key, after which
they have the same secret key to encrypt.
Working
1. Alice and Bob publicly agree to use a modulus p = 23 and base g = 5
(which is a primitive root modulo 23).
2. Alice chooses a secret integer a = 4, then sends Bob A = ga mod p
○ A = 54 mod 23 = 4 (in this example both A and a have the same
value 4, but this is usually not the case)
3. Bob chooses a secret integer b = 3, then sends Alice B = gb mod p
○ B = 53 mod 23 = 10
4. Alice computes s = Ba mod p
○ s = 104 mod 23 = 18
5. Bob computes s = Ab mod p
○ s = 43 mod 23 = 18
6. Alice and Bob now share a secret (the number 18).
Applications of Diffie-Hellman Algorithm
● Public Key Infrastructure: The public-key infrastructure (PKI) is a set of tools
and rules to enforce public key cryptography with multiple entities. It also governs
the issuance of digital certificates over the internet to maintain data
confidentiality. With the Diffie-Hellman algorithm as the base, the PKI system was
created to enable the exchange of public keys with anyone who requests for it
and has the appropriate Permissions.
● SSL/TLS Handshake: Internet browsers are authenticated with website servers
using an SSL/TLS certificate and many keys. This is possible only because of
the key exchange algorithm, which enables the secure exchange of
cryptographic entities over all channels.
● Secure Shell Access (SSH): SSH is a cryptographic protocol used to access
system terminals from a third-party appliance or application. The Diffie-Hellman
algorithm assists in exchanging the keys between both systems before enabling
remote access.
● VPN (Virtual Private Network): VPNs use Diffie-Hellman to establish a secure
connection between the user's device and the VPN server, ensuring privacy and
data integrity.
● Secure Email Communication: Email protocols like PGP (Pretty Good Privacy)
and S/MIME (Secure/Multipurpose Internet Mail Extensions) use Diffie-Hellman
for key exchange to enable secure email communication.
● Secure Chat Applications: Messaging apps often use Diffie-Hellman for secure
key exchange, enabling users to have private and confidential conversations.
● Digital Signatures and Key Exchange in Blockchain: Diffie-Hellman is
employed in blockchain technology for secure key exchange and digital
signatures, ensuring the integrity and authenticity of transactions.
Advantages of Diffie-Hellman Key Exchange
● The sender and receiver don’t need any prior knowledge of each other.
● Once the keys are exchanged, the communication of data can be done through
an insecure channel.
● The sharing of the secret key is safe.
● Diffie-Hellman offers perfect forward secrecy, meaning that even if a party's
private key is compromised, past communications remain secure because the
session keys are ephemeral and are not stored.
● It can be used with different encryption algorithms, allowing for flexibility in
choosing appropriate ciphers for specific applications.
● Diffie-Hellman eliminates the need for both parties to have pre-shared keys,
making it suitable for scenarios where keys cannot be exchanged in advance.
● Public parameters (prime number and primitive root modulo) can be reused,
reducing the computational overhead of key generation.
Disadvantages of the Diffie Hellman Algorithm
● The algorithm can not be used for any asymmetric key exchange.
● Similarly, it can not be used for signing digital signatures.
● Since it doesn’t authenticate any party in the transmission, the Diffie Hellman key
exchange is susceptible to a man-in-the-middle attack.
● Diffie-Hellman does not provide authentication by itself. Parties need to verify
each other's identities separately to prevent impersonation attacks.
● The computation of large exponents can be intensive, especially for devices with
limited computational resources. This can be mitigated by using efficient
algorithms and hardware acceleration.
● Diffie-Hellman only provides a method for key exchange. Managing and securing
the exchanged keys for further encryption (symmetric encryption) is the
responsibility of the communicating parties and requires additional protocols and
mechanisms.
● With the advent of quantum computers, algorithms like Shor's algorithm can
efficiently solve the discrete logarithm problem upon which Diffie-Hellman relies.
As a result, Diffie-Hellman is not quantum-resistant and requires post-quantum
cryptographic solutions for long-term security.
Difference between Diffie- Hellman Key Exchange and RSA:
S.No Characteristic Diffie- Hellman RSA
1. Keys Type of Uses One Private Key Uses One Public and One
Algorithm Private Key.
2. Key Generation of Uses Exponential Methods. Uses Cryptographic
Algorithm Methods.
3. Encryption & Symmetric Key Encryption Asymmetric Key Encryption
Decryption Adopted. Adopted.
Techniques
4. Owners of Only allows authorized Encryption can be performed
Encryption & people to access the keys, by anyone, but only
Decryption perform Encryption & authorized users can perform
Techniques Decryption. the activity of decryption.
5. User Authentication Does not authenticate the RSA ensures secure
and Safety users participating in the communication by
key exchange. authenticating the users and
all the communication.
6. Security issues Diffie-Hellman is vulnerable RSA is vulnerable to integer
to discrete logarithms. factorization.