Diffstat (limited to 'source/know/concept/diffie-hellman-key-exchange')
-rw-r--r-- source/know/concept/diffie-hellman-key-exchange/index.md 26
1 files changed, 16 insertions, 10 deletions
diff --git a/source/know/concept/diffie-hellman-key-exchange/index.md b/source/know/concept/diffie-hellman-key-exchange/index.md
index 4735209..3525881 100644
--- a/source/know/concept/diffie-hellman-key-exchange/index.md
+++ b/source/know/concept/diffie-hellman-key-exchange/index.md
@@ -7,18 +7,19 @@ categories:
layout: "concept"
---
-In cryptography, the **Diffie-Hellman key exchange** is a method
-for two parties to securely agree on an encryption key,
-when they can only communicate over an insecure channel.
+In cryptography, the **Diffie-Hellman key exchange** is a method for two parties,
+who can only communicate over an insecure channel,
+to securely agree on an encryption key.
The fundamental assumption of the Diffie-Hellman scheme,
upon which its security rests,
is that the following function $$f(n)$$ is a **trapdoor function**,
which means that calculating $$f$$ is easy,
-but its inverse $$f^{-1}$$ is extremely hard to find:
+but its inverse $$f^{-1}$$ is extremely hard:
$$\begin{aligned}
- f(n) = g^n \bmod p
+ f(n)
+ \equiv g^n \bmod p
\end{aligned}$$
Where $$n$$ is a natural number, and $$p$$ is a prime.
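Review bot: the context line "is a **trapdoor function**" uses the wrong term for the property the sentence goes on to describe. Easy to compute and hard to invert is the definition of a one-way function; a trapdoor function additionally has a piece of secret information that makes inversion easy, and nothing in this text defines or uses such a secret. Since the sentence is being reworded anyway, suggest "one-way function" here and in the later "trapdoor assumption". The new wording "its inverse $$f^{-1}$$ is extremely hard" also lost its verb; "extremely hard to compute" would read better.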
@@ -39,9 +40,11 @@ Alice and Bob each choose a secret number from $$\{0, ..., p \!-\! 2\}$$, respec
and then privately calculate $$A$$ and $$B$$ as follows:
$$\begin{aligned}
- A = g^a \bmod p
- \qquad \quad
- B = g^b \bmod p
+ A
+ \equiv g^a \bmod p
+ \qquad \qquad
+ B
+ \equiv g^b \bmod p
\end{aligned}$$
Finally, they transmit these numbers $$A$$ and $$B$$
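Review bot: the added lines "A \equiv g^a \bmod p" and "B \equiv g^b \bmod p" pair the congruence sign with the binary operator `\bmod`, which weakens the definition. With `\bmod p` the right-hand side is already one specific residue, so the removed `=` was exact; `\equiv` only fixes $$A$$ and $$B$$ up to multiples of $$p$$, yet the next line says these are the numbers that get transmitted. Suggest keeping `=` with `\bmod p`, or, if congruence notation is wanted, writing `\equiv g^a \pmod{p}`. The same applies to the $$f(n)$$ definition changed in the first hunk.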
@@ -50,13 +53,16 @@ and then each side calculates $$k$$, which is the desired secret key:
$$\begin{aligned}
\boxed{
- k = A^b \bmod p = B^a \bmod p = g^{ab} \bmod p
+ k
+ \equiv A^b \bmod p
+ = B^a \bmod p
+ = g^{ab} \bmod p
}
\end{aligned}$$
The point is that $$k$$ includes both $$a$$ *and* $$b$$,
but each side only needs to know *either* $$a$$ *or* $$b$$.
-And, due to the trapdoor assumption,
+Thanks to the trapdoor assumption,
the eavesdropper knows $$A$$ and $$B$$,
but cannot recover $$a$$ or $$b$$.
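Review bot: the boxed chain now opens with `\equiv` and continues with `=` ("k \equiv A^b \bmod p", then "= B^a \bmod p"), so a single statement mixes two relations. Each term is already reduced by `\bmod p`, so `=` throughout is correct; alternatively use `\equiv` throughout with one `\pmod{p}` at the end. In the closing paragraph, "Thanks to the trapdoor assumption, the eavesdropper knows $$A$$ and $$B$$" attaches the assumption to the wrong clause: the eavesdropper knows $$A$$ and $$B$$ because they are sent over the insecure channel, and the assumption is what prevents recovering $$a$$ or $$b$$. Suggest reordering so the assumption qualifies "cannot recover".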