Diffie Hellman - Symmetric or Asymmetric

teancum144 Member Posts: 229
The Diffie Hellman (DH) algorithm allows each party to compute the same secret key from a shared (non-private) prime number, a secret number, and two public numbers (computed from each party’s secret number). And this without ever exchanging the secret key - impressive!

However, the product of DH is symmetric keys (not asymmetric keys).

Wikipedia: "The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."

DH is viewed as a public key algorithm because, from above, "two public numbers (computed from each party's secret number)" are used to derive a symmetric key. These public numbers can be viewed as public keys used to derive a private symmetric key. However, these public numbers are not used in combination with a private key to encrypt or decrypt anything (no public/private key combination exists).

In summary, I don't see how DH can be viewed as an asymmetric algorithm when it clearly produces symmetric keys. Thoughts?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • f0rgiv3n Connection Overlord Member Posts: 598
    DH uses two different numbers to derive the secret key. DH is asymmetric because each side has a different key to start with and they end up with the same secret key. I think a good way to envision it is that the symmetric keys they produce are the data.

    DH is used to produce the symmetric key for a symmetric algorithm. DH in itself is not a data encryption algorithm necessarily but a way to agree on a secret key via a public network. Make sense?

    The key term here is discrete logarithm. DH is one of my favorite things, it's extremely cool so let me elaborate:

    Alice and Bob want to do a symmetric encryption of all their data between themselves. Symmetric encryption is faster and they need to get the data in between themselves confidentially and fast. So in order to use a symmetric algorithm they need to agree on a key to use, and it needs to be the same for encryption and decryption.

    Using DH this is what they do (simplifying it a bit):

    Alice and Bob decide publicly on a number (15). Alice then chooses a secret number (2) that no one knows, takes the public number and puts it to the power of her secret number (15^2 = 225), and sends the result (225) to Bob.

    Bob then does the same exact thing that Alice does, but with his secret number (3). So he takes the public number (15) and puts it to the power of his secret number (15^3 = 3375) and then sends the result (3375) to Alice.

    At this point in the game Alice has Bob's result 3375 and Bob has Alice's result of 225. Now the fun part. Alice takes Bob's result (3375) and puts it to the power of her secret number (3375^2 = 11390625). Then Bob takes Alice's result and puts it to the power of his secret number (225^3 = 11390625). Magically (or shall we say "mathically") they come up with the same number!
  • f0rgiv3n Connection Overlord Member Posts: 598
    Sorry for the lengthy post... DH makes me excited.
  • teancum144 Member Posts: 229
    F0rgiv3n, yes that makes sense and helps clear things up. Your comments helped me to realize that the following are the asymmetric keys (inputs) to the DH algorithm:
    • a shared (non-private) prime number
    • a unique secret number for each party
    • two public numbers (computed from the shared prime number and the secret number)
    The above includes both public and private (asymmetric) keys as inputs to the DH algorithm to produce the symmetric key - which will be used in a completely different algorithm (symmetric). I'm so used to asymmetric referring to different (public/private) keys used to encrypt/decrypt data (not to create a symmetric key). I didn't view DH's inputs (public/private numbers) as asymmetric keys. I only viewed the output (symmetric private key) as the DH algorithm's key.

    In hindsight, I wonder why I couldn't see it.
  • Khaos1911 Member Posts: 366
    That was awesome, F0rgiv3n! I've never seen it explained that way and it clicked right away for me. Thanks!
  • cyberguypr Senior Member Mod Posts: 6,917
    f0rgiv3n wrote: »
    Sorry for the lengthy post... DH makes me excited.

    geek!!! Lol
  • Darril Member Posts: 1,588
    Great answer, forgiv3n.

    @teancum144, you'll see the same thing with other asymmetric algorithms like SSL and TLS. They use asymmetric algorithms to create a symmetric key.
  • Plan2succeed Member Posts: 12
    f0rgiv3n wrote: »
    DH uses two different numbers to derive the secret key. DH is asymmetric because each side has a different key to start with and they end up with the same secret key. I think a good way to envision it is that the symmetric keys they produce are the data.

    DH is used to produce the symmetric key for a symmetric algorithm. DH in itself is not a data encryption algorithm necessarily but a way to agree on a secret key via a public network. Make sense?

    The key term here is discrete logarithm. DH is one of my favorite things, it's extremely cool so let me elaborate:

    Alice and Bob want to do a symmetric encryption of all their data between themselves. Symmetric encryption is faster and they need to get the data in between themselves confidentially and fast. So in order to use a symmetric algorithm they need to agree on a key to use, and it needs to be the same for encryption and decryption.

    Using DH this is what they do (simplifying it a bit):

    Alice and Bob decide publicly on a number (15). Alice then chooses a secret number (2) that no one knows, takes the public number and puts it to the power of her secret number (15^2 = 225), and sends the result (225) to Bob.

    Bob then does the same exact thing that Alice does, but with his secret number (3). So he takes the public number (15) and puts it to the power of his secret number (15^3 = 3375) and then sends the result (3375) to Alice.

    At this point in the game Alice has Bob's result 3375 and Bob has Alice's result of 225. Now the fun part. Alice takes Bob's result (3375) and puts it to the power of her secret number (3375^2 = 11390625). Then Bob takes Alice's result and puts it to the power of his secret number (225^3 = 11390625). Magically (or shall we say "mathically") they come up with the same number!
    With all due respect, I am not sure if this is correct. Even considering that it is a simplification, the method given by you is wrong. I would not normally post this, but since a lot of students will be looking to this site to provide a response to their queries, I am forced to post.

    The actual method - (refer to CBK official guide by Hernandez)

    The prime number (p) and primitive root (g) used in Diffie–Hellman are common to most users. This example will use p = 353 and g = 3.
    Each user A, B would choose a random secret key X that must be less than the prime number.
    If A chose the secret key of 97, one could write its secret key as X_A = 97. The public key, Y_A, for user A would be calculated as Y_A = g^(X_A) mod p. Therefore, A would calculate Y_A = 3^97 mod 353 = 40.
    If B chose the secret key of 233, the public key, Y_B, for user B would be calculated as Y_B = g^(X_B) mod p. Therefore, B would calculate Y_B = 3^233 mod 353 = 248.
    A and B would then exchange the public keys that they had calculated.
    Using the following formula, they would each compute the common session key:
    A computes the common key, K, as

    K = (Y_B)^(X_A) mod p = 248^97 mod 353 = 160

    B computes the common key as

    K = (Y_A)^(X_B) mod p = 40^233 mod 353 = 160

    The two parties A and B can now encrypt their data using the symmetric key of 160. This would be an example of a hybrid system.

    I am sorry if I have been rude but that was not my intention..
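    The two walkthroughs in this thread (f0rgiv3n's exponent-only version with 15, 2 and 3, and the textbook version above with p = 353, g = 3, X_A = 97, X_B = 233) can be checked side by side. The following is an added example, not code from the thread or from any of the posters. It runs the textbook exchange and reproduces Y_A = 40, Y_B = 248, K = 160, derives a fixed-length symmetric key from K (the "hybrid system" step; a single SHA-256 is used here as a stand-in for the HKDF-style key schedule a real protocol such as TLS 1.3 uses), and then plays the eavesdropper: it recovers the private exponents from the public values, first from the non-modular walkthrough (where the "public number" is literally base**x and an integer logarithm suffices) and then from the 353-element group by exhaustive search. The function names and the attacker helpers are this example's own inventions.

```python
"""Added example: Diffie-Hellman agreement with the thread's textbook values,
plus a passive attacker showing why the modulus and the group size matter.
Parameters here are toy-sized for illustration only; real deployments use
groups of 2048 bits or more (e.g. the RFC 7919 finite-field groups)."""
import hashlib
import secrets
from typing import Optional, Tuple


def dh_public(g: int, x: int, p: int) -> int:
    """Y = g^x mod p: the value each party sends over the insecure channel."""
    return pow(g, x, p)


def dh_shared(peer_public: int, x: int, p: int) -> int:
    """K = Y_peer^x mod p: identical on both sides, never transmitted."""
    return pow(peer_public, x, p)


def dh_exchange(p: int, g: int, x_a: int, x_b: int) -> Tuple[int, int, int]:
    """Run both sides of the exchange and return (Y_A, Y_B, K)."""
    y_a = dh_public(g, x_a, p)
    y_b = dh_public(g, x_b, p)
    k_a = dh_shared(y_b, x_a, p)  # A uses B's public value and her own secret
    k_b = dh_shared(y_a, x_b, p)  # B uses A's public value and his own secret
    assert k_a == k_b, "both sides must derive the same key"
    return y_a, y_b, k_a


def derive_symmetric_key(shared: int, length: int = 16) -> bytes:
    """Turn the agreed integer into a fixed-length symmetric cipher key.

    Illustrative only: a single SHA-256 stands in for the KDF a real protocol
    would use. This is the hybrid-system step, asymmetric agreement feeding a
    symmetric cipher such as AES.
    """
    n = (shared.bit_length() + 7) // 8 or 1
    return hashlib.sha256(shared.to_bytes(n, "big")).digest()[:length]


def brute_force_dlog(g: int, y: int, p: int) -> Optional[int]:
    """Exhaustive-search discrete log: smallest x with g^x mod p == y.

    Feasible only because p is tiny. With g a primitive root the answer is
    unique in [0, p-2]; with a 2048-bit p this loop would never finish.
    """
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x
        acc = acc * g % p
    return None


def eavesdrop_without_modulus(base: int, transmitted: int) -> Optional[int]:
    """Recover the exponent when the exchange skips the 'mod p' reduction.

    In that variant the transmitted value is the plain integer base**x, so an
    observer recovers x by repeated division; no hardness assumption remains.
    Returns None if transmitted is not an exact power of base.
    """
    x = 0
    while transmitted > 1 and transmitted % base == 0:
        transmitted //= base
        x += 1
    return x if transmitted == 1 else None


def random_private_key(p: int) -> int:
    """Pick a private exponent in [2, p-2] from a CSPRNG, never random.randint."""
    return 2 + secrets.randbelow(p - 3)


if __name__ == "__main__":
    P, G = 353, 3
    y_a, y_b, k = dh_exchange(P, G, 97, 233)
    print(f"Y_A={y_a} Y_B={y_b} K={k}")
    print("derived key:", derive_symmetric_key(k).hex())
    # The attacker sees only (P, G, Y_A) and still recovers X_A because P is tiny.
    print("recovered X_A by brute force:", brute_force_dlog(G, y_a, P))
    # The attacker sees 225 from the exponent-only walkthrough and recovers 2 at once.
    print("recovered exponent, no modulus:", eavesdrop_without_modulus(15, 225))
    # Fresh random private keys still agree on both sides.
    xa, xb = random_private_key(P), random_private_key(P)
    assert dh_shared(dh_public(G, xb, P), xa, P) == dh_shared(dh_public(G, xa, P), xb, P)
```

    The public values Y_A and Y_B are what the thread calls "asymmetric" inputs; the eavesdropper functions show what protects X_A and X_B: not the exchange pattern itself, but the discrete logarithm being infeasible in the chosen group. Both attacks succeed here only because the group is small or absent.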