« MAC and HMAC | Main | Artificial Intelligence »

March 12, 2005

Diffie Hellman

sharedkey.jpg

Diffe Hellman is a method for exchange securely shared key between two nodes over untrusted netwrok like internet, it's not encryption method,it's key aggrement protocol that was developed by Diffie and Hellman in 1976.
in fact it generates key between two nodes,it uses a mathematical algorithm with simple concept, let's take a look the following example :

- Node A and Node B agree on two numbers : p and g
p is a larg prime number and q is called the base or generator
- Node A picks a secret number a
- Node B picks a secret number b
- Node A choose public number x = g^a mod p
- Node B choose public number y = g^b mod p
- now Node A knows y and Node B knows x
* in this step they create key as follow :
- Node A k(a) = y^a mod p
- Node B k(b) = x^b mod p
In fact k(a) = k(b) = k (laws of algebra) in this section Node A and Node B know K as shared key.

unfortunately this method hasn't authentication so a man-in-the-middle can attack and decrypt any messages from Node A and Node B.
The authenticated Diffie-Hellman key agreement protocol was developed by Diffie, van Oorschot, and Wiener in 1992 to defeat the man-in-the-middle attack. it uses digital signature for authentication each origin.

Posted by Mehrdad at March 12, 2005 05:26 PM