The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.
1
vote
1answer
54 views
Can Diffie-Hellman be scaled up or force-multiplied?
I'm not too familiar with the math involved with the exchange of keys, I've read it over several times, but math isn't my strong point. My understanding is that smart people are hard at work to ...
-1
votes
1answer
44 views
How to use the key from a Diffie Hellman exchange? [on hold]
I watched a YouTube video about Diffie-Hellman called "Diffie-Hellman Key Exchange", and it said after doing some modulo operations with the public modulus and generator and the random private ...
1
vote
1answer
44 views
Static DH/Static ECDH certificate using OpenSSL
I've been searching for some time and have found no way to create a working certificate and private key pair with a DH or ECDH public key using OpenSSL. Once I do this, I'd like to sign it with an RSA ...
1
vote
0answers
47 views
Are there any obvious technical faults in F. Ruiz's 2013 URSA javascript cryptography? [closed]
The link to the cryptography is here: http://prgomez.com/ursa/
I have found the following simple javascript system of encryption/decryption portable and easy to use for emails and messaging sites, ...
4
votes
3answers
425 views
Diffie-Hellman and man-in-the-middle attacks
See here for the man-in-the-middle attack on Diffie-Hellman that I'm concerned about: What is Diffie-Hellman?
How do we combat this? I have two questions:
Is one solution for both Alice and Bob ...
0
votes
0answers
41 views
Selecting a Bouncy Castle named curve for ECC [duplicate]
I have been tasked with implementing ECDSA and ECDH in Java using the Bouncy Castle library. However, I am unsure of what curve to use.
I am aware of the named curves listed in BC, and I've done a ...
8
votes
1answer
143 views
Proof of Communication
I desire an algorithm in which Alice sends a block of data $X$ to Bob, with proof that the data was both sent and received. Ideally this would take the form of a public-key signature of the block $X$ ...
2
votes
2answers
78 views
Diffie–Hellman Ephemerality Nomenclature
Below is a short excerpt of available DH cipher suites available on a machine.
I understand EDH is ephemeral DH, and that ECDH is for Elliptic-Curve DH which is computationally faster. ECDHE is both ...
-3
votes
1answer
76 views
Is encryption mainly using Diffie-Hellman Key Exchange?
I know how Diffie-Hellman Key Exchange works.
Is this the main way of encrypting with PGP, ssh, ssl (https), DKIM, ...?
I wonder if Diffie-Hellman is the clue to understand how encryption with ...
-4
votes
1answer
84 views
How does Diffie-Hellman key exchange work? [closed]
I've been learning about cryptography lately and I'm failing to understand how Diffie-Hellman key exchange works. Can someone please demonstrate using mathematical notation (and if possible, ...
5
votes
1answer
111 views
Discovering private exponent from public key
I'm going to assume this isn't possible, but I have to ask because I'm trying to fundamentally understand what I've thus far been trying to implement by following an RFC.
SRP-6a starts off with ...
7
votes
1answer
97 views
Implementation and Testing of SRP-6a
I have been wracking my brain trying to develop a functioning implementation of SRP-6a in Python to use with a 3rd-party API that claims to use SRP-6a with $N=$ 2048-bit prime and generator of $2$. ...
6
votes
2answers
198 views
Is perfect-forward secrecy achieved with RSA?
I am new to cryptography and am going through the book Understanding Cryptography by Paar and Pelzl.
From what I understand Symmetric key distribution systems like Kerberos do not provide PFS ...
4
votes
3answers
139 views
Is it secure to use Diffie-Hellman key agreement to generate a nonce?
I have a system, using AES, in one of the modes that uses a nonce and authentication.
We have a pre-shared key, and to agree about initial nonce we could use Diffie-Hellman, using the resulting ...
3
votes
1answer
204 views
Security equivalent to Diffie–Hellman problem?
I've been doing the security proof for one of my theorems. Basically, given
$g^a$, $g^b$, $g^{cb}$, $g$ and $c$ as known values. Is the problem of computing $g^{acb^{-1}}$ equivalent to the Diffie ...
2
votes
3answers
99 views
Can an EC private key be derived from a public key?
I understand that the public key does not expose the private key. That is not the question.
The question is: Given an EC public key, can a different, but plausible and functional private key be ...
2
votes
0answers
73 views
Difference between “ECDH with cofactor key” and “ECDH without cofactor key”?
I need to use “ECDH with a cofactor key” for generating symmetric key. I have a fair idea on how ECDH works, but I don’t understand the cofactor part.
What is the difference between ”ECDH with a ...
1
vote
1answer
97 views
Use ElGamal to solve Diffie-Hellman problem
Say we are able to decrypt an ElGamal ciphertext $c$ using only the public key. Apparently it is now possible to solve the Diffie-Hellman problem (given $g^a, g^b$ calculate $g^{ab}$). How?
I know how ...
0
votes
1answer
87 views
Problem with Python Implementation of Key Exchange part OTR Protocol
Being new to software development and crypto in general, I thought I would write a simple p2p encrypted chat app using the otr protocol detailed here: https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
...
5
votes
1answer
103 views
Condensed ElGamal + AES
In normal ElGamal encryption, the encrypted message is a pair $(g^b, g^{ab}M)$ - that is, the actual "encryption" is simply multiplication by the shared secret ...
1
vote
1answer
72 views
Public Key Cryptography: Diffie-Hellman Key Exchange
Please watch this video, it's very short. If you already know cryptography and are really good at it, please start from 3:51.
I didn't understand the step at 4:39, can someone here explain?
Why is ...
1
vote
1answer
69 views
DH “prime size” security in OpenSSL
There's a program that uses the following OpenSSL function...
DH_generate_parameters(256, 5, NULL, NULL)
...to create DH parameters which are later used for ...
2
votes
1answer
55 views
TLS - sharing 1792 bits of unidirectional keys
I've just watched a video on the TLS protocol and learnt that it uses unidirectional keys (meaning keys for both sides, from browser to server and from server to browser).
Given that the server uses ...
7
votes
1answer
137 views
curve25519 weak points for contributory behaviour
The Diffie-Hellman on curve25519 is usually calculated using the base point $(9,…)$ which induces a cyclic subgroup of $G:=\{\infty\}\cup(E(F_{p^2})\cap(F_p\times F_p))$ with index 8, i.e. there is a ...
1
vote
2answers
124 views
weaknesses in ElGamal with public key of small order
Suppose $p=29$, $\alpha = 2 \in F_p^*$ is a generator of $F_p^*$. Bob picks $d \in \{2,...,27\}$ such that $\beta = \alpha ^d=28 \pmod{29}$. He then sends his $(p,\alpha ,\beta)$ to Alice who herself ...
6
votes
1answer
182 views
Perfect Forward Secrecy with NaCl
I would like to use the NaCl cryptography library (or TweetNaCl), but I would very much like to have perfect forward secrecy for my application.
From what I understand, all Bob needs to decrypt a ...
3
votes
1answer
217 views
What is a generator?
I am trying to read up on the math behind DH and ran into the word generator used a lot. I am not sure what it means. Can someone explain?
I see this question where the OP talks about g as the ...
1
vote
1answer
72 views
Key exchange if forward secrecy is not an issue
Let's say that we have a cryptosystem where Forward Secrecy and Man-In-The-Middle attacks are not an issue, purely hypothetically.
Would it be correct for a key exchange with any given public-key ...
1
vote
1answer
99 views
DH key exchange with only one end authenticated
We know there is a man-in-the-middle vulnerability with unauthenticated DH key establishment. And the way to negate that is to authenticate the keys used. But what if I only verify the signature ...
1
vote
1answer
39 views
Computational Diffie-Hellman problem over the group of quadratic residues
Suppose that $N=pq$ where $p$ and $q$ are safe primes. $\mathbb{QR}_N$ is the group of quadratic residues which is a cyclic group with order $\frac{\phi(N)}{4}$. Let $g$ be the generator of ...
1
vote
1answer
100 views
In the STS Authentication Protocol, why are the signatures encrypted?
From Wikipedia:
(1) Alice → Bob : g^x
(2) Alice ← Bob : g^y, E_K(S_B(g^y, g^x))
(3) Alice → Bob : E_K(S_A(g^x, g^y))
I know there should be something I'm ...
0
votes
1answer
79 views
Diffie Hellman Key Exchange (Finding # of bits/digits of secret key)
As we know that in DH key exchange, both Alice and Bob would agree on the parameter $p$ and $g$. Next, Alice would choose a secret key $A$ while Bob would choose a secret key $B$. Alice would compute ...
1
vote
1answer
67 views
Are the RFC3526 MODP groups Schnorr groups?
I was wondering if a group like the 1536-bit MODP Group from RFC 3526 was a
Schnorr group?
A Schnorr group must apparently have:
$p$ and $q$ being primes
$p = q\cdot r+1$
$1 < h < p$
...
-1
votes
2answers
39 views
How to make sure the pre-agreed information safe for DH-Key Exchange
The definition of DH key exchange was given as a method that lets two parties authenticate each other & exchange the crypto key over an insecure channel.
DH-key-exchange was innovated to defence ...
2
votes
2answers
132 views
Perfect Forward Secrecy in TLS
I read that TLS does PFS using Diffie Hellman. However, DH can be used even without certificates - so how is DHE-RSA better than plain DHE?
Is DHE an insecure algorithm, that DHE-RSA is needed?
0
votes
1answer
148 views
Demonstrating Diffie-Hellman key exchange using only p, A, B;
I'm trying to figure out how to demonstrate DH key exchange using what is given to me. I'm unsure of how to tackle the problem.
Question:
Demonstrate Diffie-Hellman key exchange.
Given p=104933, ...
2
votes
2answers
149 views
Is there a point using GCM block cipher with Authenticated DH?
I'm delivering shared secret with DH exchange, using a static key for signing and an ephemeral for session, so is there a point using GCM for encrypting the data, or is a simple CBC/CTR block cipher ...
0
votes
1answer
331 views
TLS/SSL's usage of Non-Ephemeral DH vs DHE
These questions revolve around DH and ECDH vs DHE and ECDHE. Specifically within the context of TLS/SSL. There are three ...
5
votes
1answer
121 views
Side-channel attacks against ECDH for Weierstrass normal form curves
I hear a lot about why Montgomery curves are used in ECC, and one reason is that the same algorithm can be used to do both point addition and doubling (this is not true for the Weierstrass normal ...
5
votes
2answers
138 views
Is it safe to reuse ECDH asymmetric keys for authentication?
Alice, Bob, and Carol each generate ECDH keypairs. Alice and Bob establish a communication channel and negotiate an AliceBob secret.
The question is: Is it safe for Alice and/or Bob to reuse their ...
0
votes
1answer
109 views
Why is DDH not hard over $\mathbb{Z}^*_p$?
Why is Diffie-Hellman key exchange not hard over $\mathbb{Z}^{*}_p$?
3
votes
1answer
52 views
Where did Martin Hellman acknowledge Ralph Merkle's contribution to public-key cryptography?
I am trying to find the article to reference when discussing the Diffie-Hellman key exchange.
According to Wikipedia Hellman said that
The system...has since become known as Diffie–Hellman key ...
2
votes
1answer
103 views
How can I show that the DDH problem is self-reducible?
I have trouble understanding how I can show that the Decisional Diffie-Hellman problem (DDH) is self-reducible.
I found this as a description of a random self-reducible problem.
...
1
vote
0answers
77 views
Does “use of SHA-256 in cryptography” imply use of SHA-256 both in HMAC and DH key exchange, assuming these are the only uses of hash in system? [closed]
I am a beginner in cryptography, and recently I came across a requirement like "use of SHA-256 in cryptography".
Does "use of SHA-256 in cryptography" imply use of SHA-256 both in HMAC and DH key ...
1
vote
2answers
269 views
Why will the inverse in the Diffie-Hellman protocol not give the same value?
Security of the Diffie-Hellman protocol is $K=g^{ab}$. If the sender wants to calculate the value of $b$ (given $a$) he can do $g^{{{ab}^b}^{-1}}$ (where $K=g^{ab}$) which will give $g^{a}$ as we are cancelling value ...
1
vote
1answer
201 views
Why is “multiplying” $g^x$ and $g^y$ not possible?
The computational Diffie-Hellman problem states that for a cyclic group $G$ of order $p$ and a generator $g$, it is hard to find the value $g^{xy}$ given only $g^x$ and $g^y$ (but easy if either $x$ ...
1
vote
1answer
66 views
Convincing “someone” on the (in)validity of DH tuple without revealing $u,v$
Is there a way of convincing someone on (in)validity of Diffie Hellman tuple $<g, g^u, g^v, g^{w}>$ without giving away $u,v$.
or at least solve the Decisional Diffie Hellman Problem without ...
1
vote
1answer
240 views
Burmester-Desmedt (BD) key agreement protocols
How do you perform the Burmester-Desmedt key exchange Protocol, in Diffie-Hellman
extension protocol?
I've been searching high and low, but couldn't locate an example on how to prove if all the party ...
3
votes
1answer
608 views
Diffie-Hellman Key Exchange with Authentication: Man-in-the-Middle query
I have been reading up on MiTM attacks, and the prevention of them using public key certificates. Recently I learnt about Diffie-Hellman Key Exchange with Authentication, and how it uses signed ...
3
votes
1answer
201 views
RFC 3526 - What does pi mean?
In RFC 3526 there are a series of primes listed as standard parameters used for Diffie-Hellman. The primes are listed in two formats. One is the long format, where the number is given in hex. For ...