The Diffie-Hellman algorithm: the purpose

Few people who transmit data over unprotected communication channels today know what the Diffie-Hellman algorithm is, and in principle many of them do not need to. For the more curious users of computer systems, however, understanding it will not hurt. In particular, key exchange by the Diffie-Hellman algorithm can be useful to users interested in information security and cryptography.

What is the Diffie-Hellman technique?

Without going into technical and mathematical details, the algorithm can be defined as a method of encrypting and decrypting information transmitted and received between two or more users of computer or other systems that exchange data over an unprotected channel.

Clearly, when the channel itself is unprotected, an attacker can intercept or modify files while they are being sent and received. The Diffie-Hellman key distribution algorithm for accessing transmitted and received data, however, is built so that outside interference is almost completely eliminated. Communication over the channel in use (without protecting the channel itself) becomes secure if both parties use the same key.

History

The Diffie-Hellman algorithm itself was introduced to the world in 1976. Its creators were Whitfield Diffie and Martin Hellman, who in their search for safe and reliable methods of data encryption relied on the work of Ralph Merkle, who developed the so-called public key distribution system.

But while Merkle developed an exclusively theoretical framework, Diffie and Hellman presented the public with a practical solution to the problem.

The simplest explanation

The algorithm itself is based on cryptographic encryption technologies, which even now surprise many specialists in this field. Ciphers have a fairly long history. The essence of the whole process is that there are two subscribers who correspond by e-mail or exchange certain data using computer programs. The protection is arranged so that the Diffie-Hellman algorithm requires the decryption key to be known to both parties (the transmitting and the receiving one). It does not matter which of them generates the initial random number (this point is explained below, where the formulas for calculating keys are considered).

Early methods of data encryption

To make this clearer, note that the most primitive way of encrypting data is, for example, to write words not from left to right, as is customary in most scripts, but from right to left. Similarly, it is easy to swap the letters in a message. For example, in a word the second letter changes places with the first, the fourth with the third, and so on. The resulting document can look like complete nonsense. However, the person who wrote the source text tells the person who should read it in which order the symbols must be arranged. This is called the key.

Note that most of the still undeciphered texts and cuneiform writings of the ancient Sumerians and Egyptians remain unread by cryptanalysts simply because they do not know how to establish the required sequence of symbols.

In our case too, the Diffie-Hellman algorithm assumes that the decryption key is known to a limited number of users. Here again a reservation is in order, since the transfer of data encrypted in this way can be compromised by third parties if they work out the system of substituting or replacing symbols.

It goes without saying that today there are quite powerful cryptosystems based on algorithms such as AES, but they do not give a full guarantee of protection against hacking of data by a third party.

Well, now let's look at the encryption system itself, its practical application and the degree of protection.

The Diffie-Hellman algorithm: the purpose

The algorithm itself was created to ensure not only the confidentiality of data transferred by one side to the other, but also its safe extraction on receipt. Roughly speaking, such a transmission system should provide full protection over all possible channels of communication.

Recall the years of World War II, when the intelligence services of all the allied countries unsuccessfully hunted for an encryption machine called "Enigma", by means of which coded messages were transmitted in Morse code. No one, not even the most "advanced" cryptography expert, as we would now say, could unravel its code. Only after its capture was the key to deciphering the messages transmitted by the German fleet obtained.

Diffie-Hellman algorithm: an overview

The algorithm itself relies on several basic concepts. Take the simplest case, in which there are two subscribers (users) on the connection. Denote them as A and B.

They use two numbers X and Y, which are not secret on this communication channel, to control transmission and reception. The whole point is to generate from them a new value, which will be the key. But note: the first subscriber uses a large prime number, and the second necessarily uses an integer (dividing without a remainder) that is smaller in order than the first.

Naturally, users agree that these numbers are kept secret. However, since the communication channel is unprotected, these two numbers may become known to other interested persons. That is why, in the same messages, users exchange private keys for decrypting messages.

Basic formulas for calculating the key

It is generally accepted that the Diffie-Hellman algorithm belongs to the systems of so-called symmetric encryption, on the basis of which the protocols of asymmetric ciphers appeared. However, to consider the basic aspects of how the receiving parties calculate keys, we will have to recall at least some algebra.

So, let's say each of the subscribers generates a random number, a and b respectively. They know the values of x and y in advance; these can even be "sewn" (hard-coded) into the software in use.

When sending or receiving such a message, subscriber A calculates the key value by the formula $A = x^a \bmod y$, and the second uses the combination $B = x^b \bmod y$, followed by the transfer of the decrypted key to the first user. This is the first stage.

Now suppose that a third party has both calculated values A and B at its disposal. All the same, it cannot interfere with the data transfer process, because the second stage requires knowing how the common key is calculated.

Based on the above formulas, we can move on to the calculation of the public key. For the Diffie-Hellman algorithm, an example might look something like this:

1) the first subscriber calculates the key based on x by the formula $B^a \bmod y = x^{ab} \bmod y$;

2) the second, starting from the initial number y and the parameter B obtained from the network protocol, determines the key based on the available parameter A: $A^b \bmod y = x^{ba} \bmod y$.

As we see, the final values coincide even when the exponents are interchanged. Thus, the interpretation of the data by both sides is, as they say, reduced to a common denominator.
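The two stages above, carried through in the article's notation (x, y, a, b, A, B), as an added example that is not part of the original article. The modulus and base are constructed demo values rather than a vetted Diffie-Hellman group, and the range check on the peer's value and the SHA-256 step are assumptions added here.

```python
import hashlib
import secrets

# Constructed demo parameters in the article's notation (x = base, y = modulus).
# y = 2**521 - 1 is a known Mersenne prime of about 10**156; it is NOT a
# vetted DH group and is used here only so the example runs offline.
Y = 2**521 - 1
X = 3

def mod_exp(base, exponent, modulus):
    """Integer-only square-and-multiply; equals pow(base, exponent, modulus)."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result

def generate_keypair(x=X, y=Y):
    """Pick a secret exponent and compute the value to send: x^secret mod y."""
    secret = secrets.randbelow(y - 3) + 2          # uniform in [2, y-2]
    return secret, mod_exp(x, secret, y)

def check_public_value(value, y=Y):
    """Reject degenerate peer values (0, 1, y-1, out of range) before use."""
    if not isinstance(value, int) or not 2 <= value <= y - 2:
        raise ValueError("peer public value out of range")
    return value

def shared_key(own_secret, peer_public, y=Y):
    """Compute peer_public^own_secret mod y and hash it into a 32-byte key."""
    s = mod_exp(check_public_value(peer_public, y), own_secret, y)
    return hashlib.sha256(s.to_bytes((y.bit_length() + 7) // 8, "big")).digest()

def run_exchange():
    """Stage 1: exchange A and B. Stage 2: each side derives the common key."""
    a, A = generate_keypair()      # subscriber A: secret a, sends A = x^a mod y
    b, B = generate_keypair()      # subscriber B: secret b, sends B = x^b mod y
    key_a = shared_key(a, B)       # B^a mod y = x^(ab) mod y
    key_b = shared_key(b, A)       # A^b mod y = x^(ba) mod y
    return key_a, key_b

if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", key_a == key_b)
```

Only A and B cross the channel; a and b never leave the side that generated them.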

Vulnerability in interference with the data transfer process

As one might suppose, the intervention of a third party is not excluded. However, in this case we are talking about initially specified numbers of the order of $10^{100}$ or even $10^{300}$.

It stands to reason that none of today's password or access-code generators can determine the number itself (other than the initial and final parameters, as opposed to the intermediate ones, for interfering in the transmission system). This would take so long that life on Earth would end first. Nevertheless, there are still gaps in such a security system.

Most often they are associated with knowledge of discrete logarithms. If such knowledge is available, it is possible to crack the Diffie-Hellman algorithm (but only for the initial and final parameters, as mentioned above). Another matter is that only a few people possess such knowledge.
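Because the difficulty of the discrete logarithm depends on the size and structure of the numbers chosen, parameters can be checked before they are accepted. The following is an added example, not code from the original article; the function names, the 2048-bit default and the safe-prime requirement are assumptions made for illustration.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:                  # write n - 1 as d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        witness = secrets.randbelow(n - 3) + 2     # random base in [2, n-2]
        v = pow(witness, d, n)
        if v in (1, n - 1):
            continue
        for _ in range(r - 1):
            v = pow(v, 2, n)
            if v == n - 1:
                break
        else:
            return False               # witness proves n is composite
    return True

def check_dh_parameters(x, y, min_bits=2048):
    """Return the problems found with base x and modulus y (empty list = OK)."""
    problems = []
    if y.bit_length() < min_bits:      # assumed threshold, adjust to policy
        problems.append("modulus shorter than %d bits" % min_bits)
    if not is_probable_prime(y):
        problems.append("modulus is not prime")
    elif not is_probable_prime((y - 1) // 2):
        # (y-1)/2 composite: the group has small subgroups
        problems.append("modulus is not a safe prime")
    if not 2 <= x <= y - 2:
        problems.append("base outside [2, y-2]")
    return problems

if __name__ == "__main__":
    # Constructed textbook-sized values: fine structurally, far too small.
    print(check_dh_parameters(5, 23))
```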

Using the Algorithm for the Java Platform

The Diffie-Hellman algorithm in Java is used exclusively for "client-server" calls.

In other words, the server waits for client machines to connect. When such a connection is made, the algorithm runs to look up either the public or the private key, after which the user gets unhindered access to all the functions and data of the server itself. Sometimes this applies even to mobile systems; however, very few people know about this, especially since the executive part works in invisible mode in the form of executable scripts.

Using the algorithm for the C platform (+ / ++)

With the Diffie-Hellman algorithm in "C" (+ / ++), not everything is so smooth. The problem is that the programming language itself sometimes works mostly with floating-point calculations. That is why specifying integer values or trying to round off (even when raising to a power) may cause a problem when compiling. This is especially true for the misuse of the int function.

However, it is worth paying attention to the other executable components, which, as a rule, are class definitions, the same exponentiation, or the associated linkable GMP libraries.

Modern encryption algorithms

It is believed that the Diffie-Hellman algorithm still cannot be surpassed. In fact, it was this algorithm that formed the basis for such well-known protection systems in the field of data encryption as AES128 and AES256.

However, as practice shows, despite the availability of numbers too large for a person to grasp, most systems of the current type use only values within the first ten (no more), although the algorithm itself implies numbers millions of times larger.

Instead of an afterword

In general, it is probably already clear what the system is and what its algorithmic components are. It only remains to add that it is endowed with such great capabilities that almost no one uses it to the full.

On the other hand, there are obviously enough vulnerabilities in the algorithm. Judge for yourself: by writing a program for calculating discrete logarithms, virtually any of its creators can access not only the initial parameters set by users, but also the common keys that are generated in the encryption and decryption system.

In the simplest case, it is enough to install the same executable Java applet, which can be used even in mobile communications. Naturally, the user does not know about it, but anyone can use that user's data for their own purposes.


Copyright © 2018 en.unansea.com. Theme powered by WordPress.