I\'m confused with the Diffe-Helman algorithm and how it\'s secure. I get how th
ID: 3839180 • Letter: I
Question
I'm confused with the Diffe-Helman algorithm and how it's secure. I get how there's a public prime number and base that anyone can access. I was told that it can encrypt data even if networks have been compromised. Below in italicized font is the definition which I base my question off below everything else:
Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.
This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible. This is where perfect forward secrecy comes from. Nobody analyzing the traffic at a later date can break in because the key was never saved, never transmitted, and never made visible anywhere.
.....
The basic idea works like this:
1. I come up with two prime numbers g and p and tell you what they are.
2. You then pick a secret number (a), but you don't tell anyone. Instead you compute ga mod p and send that result back to me. (We'll call that A since it came from a).
3. I do the same thing, but we'll call my secret number b and the computed number B. So I compute gb mod p and send you the result (called "B")
4. Now, you take the number I sent you and do the exact same operation with it. So that's Ba mod p.
5. I do the same operation with the result you sent me, so: Ab mod p
What I'm confused about is for steps 2 and 3, if these numbers are publicly sent, how are they prevented from being viewed and used to solve and recreate the key for the two machines?
Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.
This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible. This is where perfect forward secrecy comes from. Nobody analyzing the traffic at a later date can break in because the key was never saved, never transmitted, and never made visible anywhere.
.....
The basic idea works like this:
1. I come up with two prime numbers g and p and tell you what they are.
2. You then pick a secret number (a), but you don't tell anyone. Instead you compute ga mod p and send that result back to me. (We'll call that A since it came from a).
3. I do the same thing, but we'll call my secret number b and the computed number B. So I compute gb mod p and send you the result (called "B")
4. Now, you take the number I sent you and do the exact same operation with it. So that's Ba mod p.
5. I do the same operation with the result you sent me, so: Ab mod p
Explanation / Answer
In step 2 secret number is a , we are sending (ga) mod p
No one can recover a from (ga) mod p. Hence, secret number can't be easily extracted by anyone.
Similarly,
In step 3 secret number is b , we are sending (g)b mod p
No one can recover b from (gb) mod p. Hence, secret number can't be easily extracted by anyone.
Related Questions
drjack9650@gmail.com
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.