Diffie Hellman - Symmetric or Asymmetric
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
The Diffie Hellman (DH) algorithm allows each party to compute the same secret key from a shared (non-private) prime number, a secret number, and two public numbers (computed from each party’s secret number). And this without ever exchanging the secret key - impressive!
However, the product of DH is symmetric keys (not asymmetric keys).
Wikipedia: "The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."
DH is viewed as a public key algorithm because, from above, "two public numbers (computed from each party’s secret number)" are used to derive a symmetric key." These public numbers can be viewed as public keys used to derive a private symmetric key. However, these public numbers are not used in combination with a private key to encrypt or decrypt anything (no public/private key combination exists).
In summary, I don't see how DH can be viewed as an asymmetric algorithm when it clearly produces symmetric keys. Thoughts?
However, the product of DH is symmetric keys (not asymmetric keys).
Wikipedia: "The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."
DH is viewed as a public key algorithm because, from above, "two public numbers (computed from each party’s secret number)" are used to derive a symmetric key." These public numbers can be viewed as public keys used to derive a private symmetric key. However, these public numbers are not used in combination with a private key to encrypt or decrypt anything (no public/private key combination exists).
In summary, I don't see how DH can be viewed as an asymmetric algorithm when it clearly produces symmetric keys. Thoughts?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
f0rgiv3n Member Posts: 598 ■■■■□□□□□□DH uses two different numbers to derive the secret key. DH is asymmetric because each side has a different key to start with and they end up with the same secret key. I think it's a good way to envision that the symmetric keys they produce as the data.
DH is used to produce the symmetric key for a symmetric algorithm. DH in itself is not a data encryption algorithm necessarily but a way to agree on a secret key via a public network. Make sense?
The key term here is discrete logarithm. DH is one of my favorite things, it's extremely cool so let me elaborate:
Alice and Bob want to do a symmetric encryption of all their data between themselves. Symmetric encryption is faster and they need to get the data in between themselves confidentially and fast. So in order to use a symmetric algorithm they need to agree on a key to use, and it needs to be the same for encryption and decryption.
Using DH this is what they do (simplifying it a bit):
Alice and Bob decide, publicly on a number (15). Alice then chooses a secret number(2) that no one knows and takes the public number and puts it to the power of her secret number (15^2=225) and sends the result (225) to Bob.
Bob then does the same exact thing that Alice does, but with his secret number(3). So he takes the public number(15) and puts it to the power of his secret number (15^3=3375) and then sends the result (3375) to Alice.
At this point in the game Alice has Bob's result 3375 and Bob has Alice's result of 225. Now the fun part. Alice takes' Bob's result (3375) and puts it to the power of her secret number(3375^2=11390625). Then Bob takes Alice's result and puts it to the power of his secret number (225^3=11390625). Magically(or shall we say "mathically") they come up with the same number! -
teancum144 Member Posts: 229 ■■■□□□□□□□F0rgiv3n, yes that makes sense and helps clear things up. Your comments helped me to realize that the following are the asymmetric keys (inputs) to the DH algorithm:
- a shared (non-private) prime number
- a unique secret number for each party
- two public numbers (computed from the shared prime number and the secret number)
In hindsight, I wonder why I couldn't see it.If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. -
Khaos1911 Member Posts: 366That was awesome, F0rgiv3n! I've never seen it explained that way and it clicked right away for me. Thanks!
-
Darril Member Posts: 1,588Great answer, forgiv3n.
@teancum144, you'll the see the same thing with other asymmetric algorithms like SSL and TLS. They use asymmetric algorithms to create a symmetric key. -
Plan2succeed Member Posts: 12 ■□□□□□□□□□DH uses two different numbers to derive the secret key. DH is asymmetric because each side has a different key to start with and they end up with the same secret key. I think it's a good way to envision that the symmetric keys they produce as the data.
DH is used to produce the symmetric key for a symmetric algorithm. DH in itself is not a data encryption algorithm necessarily but a way to agree on a secret key via a public network. Make sense?
The key term here is discrete logarithm. DH is one of my favorite things, it's extremely cool so let me elaborate:
Alice and Bob want to do a symmetric encryption of all their data between themselves. Symmetric encryption is faster and they need to get the data in between themselves confidentially and fast. So in order to use a symmetric algorithm they need to agree on a key to use, and it needs to be the same for encryption and decryption.
Using DH this is what they do (simplifying it a bit):
Alice and Bob decide, publicly on a number (15). Alice then chooses a secret number(2) that no one knows and takes the public number and puts it to the power of her secret number (15^2=225) and sends the result (225) to Bob.
Bob then does the same exact thing that Alice does, but with his secret number(3). So he takes the public number(15) and puts it to the power of his secret number (15^3=3375) and then sends the result (3375) to Alice.
At this point in the game Alice has Bob's result 3375 and Bob has Alice's result of 225. Now the fun part. Alice takes' Bob's result (3375) and puts it to the power of her secret number(3375^2=11390625). Then Bob takes Alice's result and puts it to the power of his secret number (225^3=11390625). Magically(or shall we say "mathically") they come up with the same number!
The actual method - (refer to CBK official guide by Hernandez)
The prime number (p) and primitive root (g) used in Diffie–Hellmann are common to most users. this example will use p = 353 and g = 3.
Each user A, B would choose a random secret key X that must be less than the prime number.
If A chose the secret key of 97, one could write its secret key as XA = 97. The public key, YA, for user A would be calculated as YA = gAx mod p. Therefore, A would calculate YA = 397 mod 353 = 40.
If B chose the secret key of 233, the public key, YB, for user B would be calculated as YB = gBx mod p. Therefore, B would calculate YB = 3233 mod 353 = 248.
A and B would then exchange the public keys that they had calculated.
Using the following formula, they would each compute the common session key:
A computes the common key, K, as
B computes the common key as
The two parties A and B can now encrypt their data using the symmetric key of 160. This would be an example of a hybrid system.
I am sorry if I have been rude but that was not my intention..