Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [diffie-hellman]

The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.

The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol. U.S. Patent 4,200,770, from 1977 (now expired) describes the algorithm. It credits Hellman, Diffie, and Merkle as inventors.

DH is one of the earliest, practical examples of public key exchange implemented within the field of cryptography and provides the basis for a variety of authenticated protocols. For example: DH is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite). The Diffie–Hellman key agreement was followed shortly afterwards by RSA, an implementation of public key cryptography using asymmetric algorithms.

1073 questions
13
votes
1 answer

Explanation of the Decision Diffie Hellman (DDH) problem.

I'm extremely new to crypto, and very much inexperienced. Lately I've been reading about the Diffie-Hellman key-exchange methods, and specifically about the computational diffie-hellman assumption vs. decision diffie-hellman assumption. Specifically…
Nico Bellic
  • 525
  • 2
  • 5
  • 8
13
votes
1 answer

Diffie-Hellman Parameter Check: when g = 2, must p ≡ 11 (mod 24)?

I'm adding some Diffie-Hellman groups to a program as specified in RFC 3526, More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). When I test some of the group parameters per OpenSSL's DH_check, a result is returned…
user10496
12
votes
1 answer

Diffie-Hellman: choosing wrong generator "g" parameter and its implications of practical attacks

In traditional DH one chooses two shared parameters: a large prime $p$ and base $g$, which is primitive root $\bmod p$. Suppose that the generation algorithm is broken and $g$ generates only a subgroup (the group with fewer elements than the number…
Pat Kug
  • 123
  • 1
  • 4
11
votes
1 answer

Should I use self generated or predefined RFC 7919 DH groups?

On a wiki page, archived by now, Mozilla switched from recommending self generated DH groups to the ones predefinded in RFC 7919. The recommendation was accompanied by the statement These groups are audited and may be more resistant to attacks…
wedi
  • 211
  • 1
  • 5
8
votes
3 answers

Finding roots in $\mathbb{Z}_p$

Is there an efficient way (algorihtm) to compute the solutions of the congruence $x^n\equiv a \pmod p$? $n\in \mathbb{N}$ $a\in\mathbb{Z}_p$ $p$ is a large prime number Note that: By efficient I mean computationally efficient even when the given…
epsilon
  • 183
  • 7
8
votes
1 answer

What is a generator?

I am trying to read up on the math behind DH and ran into the word generator used a lot. I am not sure what it means. Can someone explain? I see this question where the OP talks about g as the generator. The accepted answer does not make me…
user220201
  • 861
  • 3
  • 9
  • 14
7
votes
1 answer

DDH Assumption Not Holding

Reading about the Decisional Diffie-Hellman on Wikipedia, I came across this section: Importantly, the DDH assumption does not hold in the multiplicative group $\mathbb{Z}^*_p$, where $p$ is prime. This is because given $g^a$ and $g^b$, one can…
guy
  • 229
  • 2
  • 12
7
votes
2 answers

Diffie-Hellman, random number size

During the key exchange, Alice and Bob both select a random natural number. The question is how big this integer is? How many digits/bits it must have at least/most?
Kroma
  • 235
  • 2
  • 7
7
votes
1 answer

Is it insecure to generate a key with your own public and private DH keys?

Is a secret key generated with its own public and private keys any less secure than a "normal" secret key generated using DH key exchange? Example: KeyPair keyPair = kpg.genKeyPair(); publicKey = (DHPublicKey) keyPair.getPublic(); privateKey =…
palindrom
  • 173
  • 5
7
votes
1 answer

Verifying Diffie–Hellman parameters someone else generated

I am auditing some software that includes compiled in Diffie–Hellman parameters (2048 bits). I can't be sure who generated the DH parameters or how they were generated. Question: Can DH parameters be weak if they were generated improperly or made…
Gregor
  • 203
  • 1
  • 7
5
votes
1 answer

What's the difference between DH and DHM?

Is DHM just Diffie-Hellman with Merkle added to the name?
Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
5
votes
1 answer

Small subgroup attack on Diffie-Hellman key exchange

Alice and Bob are using DHKE in the group $\mathbb{Z}_p^ * $, where $p = 1031 = 2 \cdot 5 \cdot 103 + 1$. Their generator $g = 2$, which generates a multiplicative group of order $515$ in $\mathbb{Z}_{1031}^ * $. This group has a subgroup…
user1812
  • 185
  • 1
  • 6
5
votes
3 answers

Is the $\ell$-Diffie Hellman Inversion easy when g is known?

From here they define the $\ell$-Diffie Hellman inversion problem as: Given $g^{a},g^{a^2}\ldots,g^{a^{\ell}} \in G$, compute $g^{a^{-1}}$ Would this problem become easy if the generator $g$ is also known?
blz
  • 55
  • 5
4
votes
1 answer

Safety of a pre-keyed DH-Key Exchange

Asuming this scenario: Bob and Alice each have the public key of the other party for a D-H function and want to exchange data. Now, if they each generate their shared secret, is it safe to assume that: They can exchange messages safely without the…
icefex
  • 143
  • 2
4
votes
3 answers

After a diffie hellman key exchange, what is the common secret used for?

What is the common secret that is established used for? What types of interactions are now possible?
user1305
  • 141
  • 3
1
2 3 4 5 6 7 8