diff options
Diffstat (limited to 'source/know/concept/diffie-hellman-key-exchange')
-rw-r--r-- | source/know/concept/diffie-hellman-key-exchange/index.md | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/source/know/concept/diffie-hellman-key-exchange/index.md b/source/know/concept/diffie-hellman-key-exchange/index.md index 4735209..3525881 100644 --- a/source/know/concept/diffie-hellman-key-exchange/index.md +++ b/source/know/concept/diffie-hellman-key-exchange/index.md @@ -7,18 +7,19 @@ categories: layout: "concept" --- -In cryptography, the **Diffie-Hellman key exchange** is a method -for two parties to securely agree on an encryption key, -when they can only communicate over an insecure channel. +In cryptography, the **Diffie-Hellman key exchange** is a method for two parties, +who can only communicate over an insecure channel, +to securely agree on an encryption key. The fundamental assumption of the Diffie-Hellman scheme, upon which its security rests, is that the following function $$f(n)$$ is a **trapdoor function**, which means that calculating $$f$$ is easy, -but its inverse $$f^{-1}$$ is extremely hard to find: +but its inverse $$f^{-1}$$ is extremely hard: $$\begin{aligned} - f(n) = g^n \bmod p + f(n) + \equiv g^n \bmod p \end{aligned}$$ Where $$n$$ is a natural number, and $$p$$ is a prime. @@ -39,9 +40,11 @@ Alice and Bob each choose a secret number from $$\{0, ..., p \!-\! 2\}$$, respec and then privately calculate $$A$$ and $$B$$ as follows: $$\begin{aligned} - A = g^a \bmod p - \qquad \quad - B = g^b \bmod p + A + \equiv g^a \bmod p + \qquad \qquad + B + \equiv g^b \bmod p \end{aligned}$$ Finally, they transmit these numbers $$A$$ and $$B$$ @@ -50,13 +53,16 @@ and then each side calculates $$k$$, which is the desired secret key: $$\begin{aligned} \boxed{ - k = A^b \bmod p = B^a \bmod p = g^{ab} \bmod p + k + \equiv A^b \bmod p + = B^a \bmod p + = g^{ab} \bmod p } \end{aligned}$$ The point is that $$k$$ includes both $$a$$ *and* $$b$$, but each side only needs to know *either* $$a$$ *or* $$b$$. -And, due to the trapdoor assumption, +Thanks to the trapdoor assumption, the eavesdropper knows $$A$$ and $$B$$, but cannot recover $$a$$ or $$b$$. |