Apparently, few people today, using data transmission over insecure communication channels, imagine what the Diffie-Hellman algorithm is. In principle, many do not need this understanding. However, users of computer systems, so to speak, more curious, will not hurt to understand this. In particular, a key exchange using the Diffie-Hellman algorithm may be useful to users who are interested in information security and cryptography.
What is the Diffie-Hellman technique?
If we approach the question of the algorithm itself, so far, without going into technical and mathematical details, we can define it as a method of encrypting and decrypting the transmitted and received information between two or more users of computer or other systems involving data exchange using an insecure communication channel.
As already clear, in the absence of protection of the channel itself, an attacker can intercept or modify files that are in the process of transmission-reception. However, the Diffie-Hellman key distribution algorithm for accessing the transmitted and received data is such that extraneous interference is almost completely eliminated. At the same time, communication over the used communication channel (without protection thereof) becomes safe if both parties use the same key.
Background
The Diffie-Hellman algorithm itself was introduced to the world back in 1976. Its creators were Whitfried Diffie and Martin Hellman, who in their research on safe and reliable data encryption methods relied on the work of Ralph Merkle, who developed the so-called public key distribution system.
But if Merkl developed exclusively a theoretical basis, Diffie and Hellman presented to the public a practical solution to this issue.
The simplest explanation
Actually, the test itself is based on cryptographic encryption technologies, which even now surprise many experts in this field. The anthology of ciphers includes a fairly large history. The essence of the whole process comes down to the fact that there are two subscribers who correspond by e-mail or exchange some data using computer programs. But the protection is carried out in such a way that the Diffie-Hellman algorithm itself requires that the decryption key be known to two parties (transmitting and receiving). At the same time, it does not matter which one will generate the initial random number (this point will be explained when considering the key calculation formulas).
Early Data Encryption Technique
To make it clearer, we note that the most primitive way to encrypt data is, for example, writing words not from left to right, as is customary in most scripts, but from right to left. In the same way, you can easily use the replacement of the letters of the alphabet in the message. Say, in a word, the second letter changes to the first, the fourth to the third and so on. The document itself, when looking at it, can be complete nonsense. However, the one who wrote the source text tells the one who should read it in which order the given characters should be placed. This is called the key.
Note that most hitherto unencrypted texts and cuneiforms of the ancient Sumerians and Egyptians remain misunderstood by crypto-analysts just because they do not know how to establish the desired sequence of characters.
So in our case - the Diffie-Hellman algorithm implies the option that the decryption key is known to a limited number of users. True, it is worth making a reservation here, since interference with the transmission of encrypted data of this type can be violated by third parties if they solve the system of substitution or replacement of characters.
It goes without saying that today there are quite powerful cryptosystems based on algorithms like AES, but they do not give a full guarantee of protection against data hacking by a third party.
Well, now let’s dwell on the encryption system itself, its practical application and degree of protection.
Diffie-Hellman Algorithm: Assignment
The algorithm itself was created in such a way as to ensure not only the confidentiality of data during transmission by one side to the other, but also in order to safely extract it upon receipt. Roughly speaking, such a transmission system should provide full protection through all possible communication channels.
Remember at least the years of World War II, when the intelligence services of all Allied countries unsuccessfully hunted for a cryptographic machine called Enigma, with the help of which encoded messages were transmitted in Morse code. After all, not one, even the most “advanced” cryptography specialist, could figure out her cipher. Only after its capture was received the key to decrypt messages transmitted by the German fleet.
Diffie-Hellman Algorithm: Overview
So, the algorithm itself involves the use of several basic concepts. Suppose we have the simplest case when there are two subscribers (users) in communication. Denote them as A and B.
They use two numbers X and Y, which are not secret in the given communication channel, for transmit-receive control. The whole point of the question is to generate on their basis a certain new value, which will be the key. But! The first subscriber uses a large prime number, and the second one is necessarily an integer (divisible without remainder), but smaller in order than the first.
Naturally, users agree that these numbers are kept secret. However, since the communication channel is unprotected, these two numbers may become known to other interested parties. That is why users in the same messages exchange secret keys to decrypt messages.
Basic key calculation formulas
It is generally accepted that the Diffie-Hellman algorithm refers to the so-called symmetric encryption system, on the basis of which asymmetric cipher protocols appeared. However, if we consider the main aspects of calculating keys by the receiving parties, we will have to recall at least algebra.
So, suppose each of the subscribers generates random numbers a and b . They know in advance the values of x and y , which can even be “sewn” into the desired software.
When sending or receiving such a message, subscriber A calculates the key value based on the formula A = x a mod y , and the second uses the combination B = x b mod y , after which the decrypted key is sent to the first user. This is the first stage.
Now suppose that the third interested party has at their disposal both the calculated values of A and B. All the same, it cannot intervene in the data transfer process, because in the second stage you need to know how the shared key is calculated.
Based on the above formulas, we can stop on the calculation of the shared key. If you look at the Diffie-Hellman algorithm, an example might look something like this:
1) the first subscriber calculates a key based on x according to the formula B a mod y = x ab mod y ;
2) the second, based on the initial number y and the parameter B obtained by the network protocol determines the key based on the existing parameter A: A b mod y = x ba mod y .
As you can see, the final values coincide even when the degrees are rearranged. Thus, the decryption of data by both parties is reduced, as they say, to a single denominator.
Vulnerability to Interference with Data Transmission
As might be expected, third-party intervention is not excluded. However, in this case we are talking about initially set numbers of the order of 10 100 or even 10 300 .
It goes without saying that not a single one of the password or code generation generators created today can determine the number itself (except for the initial and final, not intermediate, parameters for interfering with the transmission system). It will take so much time that life on Earth will end. Nevertheless, there are still gaps in such a security system.
Most often they are associated with knowledge of discrete logarithms. If such knowledge is available, it is possible to crack the Diffie-Hellman algorithm (but only for initial and final parameters, as mentioned above). Another thing is that such knowledge has units.
Using an Algorithm for the Java Platform
The Diffie-Hellman algorithm in Java is used exclusively for calls such as client-server.
In other words, the server is waiting to connect client machines. When such a connection is made, the algorithm is executed to search for either a public or secret key, after which the user can get unhindered access to all the functions and data of the server itself. Sometimes this applies even to mobile systems, however, few people know about this, especially since the executive part operates in invisible mode in the form of executable scripts.
Using the algorithm for the C platform (+ / ++)
If you look at the Diffie-Hellman algorithm on "C" (+ / ++), then not everything is so smooth here. The fact is that sometimes the problem arises when the programming language itself for the most part works with calculations related to floating point. That is why when specifying integer values or when trying to round (even when raising to a power) , compilation problems may occur. This is especially true for the misuse of the int function.
However, it is worth paying attention to the other executable components, which, as a rule, represent the assignment of classes, the same exponentiation or related GMP attachable libraries.
Modern encryption algorithms
It is believed that the Diffie-Hellman algorithm is still no one can surpass. Actually, it was he who served as the basis for the emergence of such well-known security systems in the field of data encryption as AES128 and AES256.
However, as practice shows, despite the availability of numbers that are not abstractly perceived by humans, most systems of the current type use exclusively the values of the first ten (no more), although the algorithm itself implies numbers that are millions of times larger.
Instead of an afterword
In general, it is probably already clear what this system is and what are its algorithmic components. It remains only to add that it is endowed with such enormous opportunities that almost no one uses it in full.
On the other hand, there are clearly enough vulnerabilities in the algorithm. Judge for yourself: in fact, having written a program for computing discrete logarithms, almost any of its creators can access not only the initial parameters set by users, but also the shared keys that are generated in the encryption and decryption system.
In the simplest case, it is enough to install the same executable Java applet, which can be used even in mobile communications. Naturally, the user will not know about this, but anyone can use his data for his own purposes.