
Diffie Hellman

The document discusses the Diffie-Hellman key exchange algorithm. It explains what the algorithm is, why it is needed, how it works, its advantages like enabling secure key exchange over public channels, and disadvantages like susceptibility to man-in-the-middle attacks. An example is also included to illustrate calculating the secret key.

Uploaded by

abdulrahim221298

University of Aden

College of Computer
Engineering of Networks

Diffie-Hellman Algorithm

Supervised by:
Eng/Wijdan

Prepared by:
Ayman Salah Ahmed Morshed /B201904009
Department: Network Level 4

What is the Diffie-Hellman Algorithm?

The Diffie-Hellman (DH) algorithm is a key-exchange protocol that enables
two parties communicating over a public channel to establish a shared secret
without that secret ever being transmitted over the Internet. The two parties
exchange only public keys, and then encrypt and decrypt their conversation or
data using symmetric cryptography keyed with the shared secret.

Why is the Diffie-Hellman Key Exchange Algorithm Needed?

A key exchange algorithm is needed in communication and cryptography for
several reasons:
• It enables two or more parties to agree upon a secret key without
exposing it to potential eavesdroppers. The key is then used for encryption
and decryption, which is vital for maintaining confidentiality in
communication.
• Preserving data integrity was also a major challenge in digital
communication, where data is always vulnerable to tampering during
transmission. A key exchange algorithm helps in preserving the integrity
of the transmitted data; it prevents unauthorized alteration or tampering
of data during transmission.
• A key exchange algorithm facilitates authentication of the
communicating parties, verifying that they are who they claim to be, thus
reducing the risk of a man-in-the-middle (impersonation) attack.
Thus, along with encrypting the data to maintain the confidentiality of the
communication, a key exchange algorithm was also needed to maintain the
integrity of, and authorized access to, the information.
-----------------------------------------------------------------------
Method of Operation in Diffie-Hellman Key Exchange
The Diffie-Hellman key exchange algorithm is based on the principles of modular
exponentiation and discrete logarithms, and allows two parties to securely
establish a shared secret key over an insecure communication channel. Here is
an operational overview of the process for two parties, Alice and Bob:
1. Parameters Setup
Alice and Bob must agree upon two numbers:
• A large prime number p,
• A generator g of p, which is a primitive root of p
These two numbers are shared and are not kept secret.
2. Key Generation
• Alice and Bob each randomly choose a private key, say xa and xb, where xa is
the private key of Alice and xb is the private key of Bob.
• These private keys are kept secret and are never shared.
3. Public Key Exchange
• Both Alice and Bob perform a calculation to generate their corresponding
public keys:
ya = g^xa (mod p)
yb = g^xb (mod p),
where ya is the public key of Alice and yb is the public key of Bob.
• The public keys are then shared with each other: ya is sent to Bob and
yb is sent to Alice.
4. Shared Secret Key Calculation
• Alice then calculates the shared secret using the yb received from Bob and
her private key xa as:
k = (yb)^xa (mod p)
• Bob also calculates the shared secret using the ya received from Alice and
his private key xb as:
k = (ya)^xb (mod p)
5. Resulting Secret
Alice and Bob will end up with the same shared secret key, because both
calculations equal g^(xa·xb) (mod p). This key can be used for
encryption and decryption of information using symmetric key algorithms.

Strength of Diffie-Hellman Key Exchange Algorithm

The Diffie-Hellman key exchange is secure because of the difficulty of
calculating discrete logarithms. An eavesdropper listening to the
communication channel for the exchanged values of ya and yb would find it
extremely difficult to determine the shared secret without knowing the value of
xa or xb, which are private keys, each known to only one party.
Thus it allows two parties (say Alice and Bob) to securely establish a shared
secret key over an insecure channel without the need to transmit the key itself,
establishing a secure means for encrypted communication and eliminating the
vulnerabilities associated with direct transmission of keys.

Perfect Forward Secrecy (PFS)
Perfect Forward Secrecy is the property in cryptography that prevents the
exposure of long-term secret keys from compromising past or future
communication. In the context of Diffie-Hellman, perfect forward secrecy means
that even if an attacker were somehow to gain or compute the private keys used
during a session, he would not be able to decrypt past communications or use
those keys to decrypt any future communication. It is an important
property of systems where the long-term security of data is crucial. It helps to
prevent the accumulation of data over time, making it more complex for
attackers to decrypt large amounts of data even if they obtain private keys or
have the ability to eavesdrop on communications.
Key Aspects of Perfect Forward Secrecy
• Use of Session Keys: Systems that implement Perfect Forward Secrecy
generate a unique session key for every session, so even if an attacker
manages to learn the current session key, it cannot be used to decrypt past
or future communications, as each session key becomes invalid after the
session is over.
• Temporary Keys: A Perfect Forward Secrecy system generates temporary keys
for each session, which are not used for other
sessions, ensuring that if one key is compromised, it doesn't compromise
other communications.
• Zero Dependence on Long-term Keys: If the long-term keys used for
authentication or key exchange are compromised, other
communication remains secure, as they are used only for the purpose of
establishing the session keys.
• Enhanced Security: Perfect Forward Secrecy adds a layer of security in
scenarios where long-term keys might be at risk due to various factors
such as complex cyber attacks, compromised servers, or future
cryptographic developments.

Advantages of the Diffie-Hellman Algorithm
• The sender and receiver don't need any prior knowledge of each other.
• Once the keys are exchanged, the communication of data can be done
through an insecure channel.
• The sharing of the secret key is safe.

Disadvantages of the Diffie-Hellman Algorithm

• The algorithm cannot be used for any asymmetric key exchange.
• Similarly, it cannot be used for signing digital signatures.
• Since it doesn't authenticate any party in the transmission, the
Diffie-Hellman key exchange is susceptible to a man-in-the-middle attack.

Example:
In a Diffie-Hellman Key Exchange, Alice and Bob have chosen prime value q =
17 and primitive root = 5. If Alice's secret key is 4 and Bob's secret key is 6,
what is the secret key they exchanged?

Solution-

Given-
• n = 17
• a = 5
• Private key of Alice = 4
• Private key of Bob = 6
Both Alice and Bob calculate the value of their public key and exchange it with
each other.

Public key of Alice

= 5^(private key of Alice) mod 17
= 5^4 mod 17
= 13

Public key of Bob

= 5^(private key of Bob) mod 17
= 5^6 mod 17
= 2

Both parties calculate the value of the secret key on their respective side.

Secret key obtained by Alice

= 2^(private key of Alice) mod 17
= 2^4 mod 17
= 16

Secret key obtained by Bob

= 13^(private key of Bob) mod 17
= 13^6 mod 17
= 16
Finally, both the parties obtain the same value of secret key.
The value of common secret key = 16.
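
The five steps and the worked example above, as added example code (not part of the original document): it checks the group parameters, validates the received public value, and reproduces the example's numbers. The function names are hypothetical, and the trial-division factoring is only suitable for toy primes such as 17.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (toy sizes only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_prime(n):
    return n > 1 and prime_factors(n) == {n}


def is_primitive_root(g, p):
    """g generates the whole group mod p iff g^((p-1)/q) != 1 for each prime q | p-1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def public_key(g, private, p):
    # Step 3: y = g^x (mod p)
    return pow(g, private, p)


def shared_secret(peer_public, own_private, p):
    """Step 4, with a range check: 1 and p-1 would force a trivially guessable k."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, own_private, p)


def exchange(p, g, xa, xb):
    """Run steps 1-5 and return (ya, yb, k computed by Alice, k computed by Bob)."""
    if not is_prime(p) or not is_primitive_root(g, p):
        raise ValueError("p must be prime and g a primitive root of p")
    ya, yb = public_key(g, xa, p), public_key(g, xb, p)
    return ya, yb, shared_secret(yb, xa, p), shared_secret(ya, xb, p)


if __name__ == "__main__":
    # The document's example: p = 17, g = 5, private keys 4 and 6.
    print(exchange(17, 5, 4, 6))
```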

Conclusion
The Diffie-Hellman key exchange has proved to be a useful key exchange
system due to its advantages. While it is really tough for someone snooping
on the network to decrypt the data and get the keys, it is still possible if the
numbers generated are not entirely random. Also, the key exchange system
makes it possible to do a man-in-the-middle attack; to avoid it, both parties
should be very careful at the beginning of the exchange.
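
The man-in-the-middle weakness noted above comes from accepting a public value without knowing who sent it. As an added example (not from the original document), the code below binds each public value to its sender with an HMAC and refuses to derive a key when the value was changed in transit. The pre-shared AUTH_KEY, the message layout and the function names are assumptions made for illustration; real protocols normally use digital signatures or certificates for this step.

```python
import hashlib
import hmac
import secrets

P, G = 17, 5  # the document's toy group; far too small for real use
# Assumption: a MAC key both parties already hold out of band (constructed value).
AUTH_KEY = b"constructed-pre-shared-auth-key"


def _tag(auth_key, sender, y):
    """MAC over the sender name, the group parameters and the public value."""
    data = f"{sender}|{P}|{G}|{y}".encode()
    return hmac.new(auth_key, data, hashlib.sha256).digest()


def make_offer(sender, auth_key, private=None):
    """Return (private key, message); a fresh private key is drawn unless one is given."""
    x = private if private is not None else secrets.randbelow(P - 3) + 2
    y = pow(G, x, P)
    return x, {"from": sender, "y": y, "tag": _tag(auth_key, sender, y)}


def accept_offer(msg, expected_sender, own_private, auth_key):
    """Derive the shared secret only if the offer is authentic."""
    if msg["from"] != expected_sender:
        raise ValueError("offer is not from the expected party")
    expected = _tag(auth_key, msg["from"], msg["y"])
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("public value failed authentication")
    return pow(msg["y"], own_private, P)


def run_session(xa=None, xb=None, tamper=False):
    """One exchange; tamper=True models a public value altered in transit."""
    a_priv, a_msg = make_offer("alice", AUTH_KEY, xa)
    b_priv, b_msg = make_offer("bob", AUTH_KEY, xb)
    if tamper:
        # Constructed test input: a different y carried with the original tag.
        b_msg = dict(b_msg, y=(b_msg["y"] % (P - 1)) + 1)
    k_alice = accept_offer(b_msg, "bob", a_priv, AUTH_KEY)
    k_bob = accept_offer(a_msg, "alice", b_priv, AUTH_KEY)
    return k_alice, k_bob


if __name__ == "__main__":
    print(run_session(4, 6))
```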
