DH key exchange is a security protocol that allows two parties to create a key on an insecure channel. Even if the data sent to each other is known to a third party, there is no way to know the key of the encrypted message.
The main idea of solving the problem can be explained as follows:
What if Alice and Bob want to negotiate a color that only they know about, but not a third party? The solutions are as follows:
Start with a common color (yellow) that everyone knows, and it doesn’t matter if a third party knows.
Alice picks a color that only she knows (red in the picture) and mixes it with the known yellow to form a new color (brown in the picture).
Bob also took a color that only he knew (light green in this case) and mixed it with the well-known yellow to create a new color (light blue in this case).
Alice and Bob swap colors. (It is assumed that it is difficult for people to find out which two colors are mixed from the mixed colors, the security guarantee depends on this, so even if a third party knows the mixed colors, it is useless because it cannot infer only the red and light green that Alice and Bob know themselves)
After Alice receives the mixed color sent by Bob, she adds the red that only she knows, and gets the secret color = yellow + red + light green (earth color is at the bottom of the picture).
After Bob receives the mixed color sent by Alice, he adds the light green that only he knows, and gets the secret color = yellow + light green + red.
At this point, Alice and Bob each have a secret color that only they know, and the secret color is the same.
The key here is that when you mix the colors, you don’t know which two colors are mixed. From this, it’s easy to think of a mathematical problem, the discrete logarithm problem. The mathematical description is as follows:
hereOnly Alice knows,Only Bob knows,It’s public,Is the final calculated shared key.
The general description is as follows:
Alice and Bob negotiate a finite cyclic groupAnd one of its generators, a large prime number;
Alice generates a random numberTo calculate theThat will beSend to Bob;
Bob generates a random numberTo calculate theThat will beSend to Alice;
Alice to calculateTo obtain the shared key;
Bob calculationTo obtain the shared key;
Because groups are commutative, it involves number theory and algebra. Both Alice and Bob negotiateAs the shared key.
Finally, security issues. DH key exchanges are eavesdropping proof (that is, it doesn’t matter if you know the data we’re exchanging), but DH itself does not provide authentication services for the communication parties (the premise of a proper exchange is that Alice must be sure that Bob is on the other side), and cannot resist man-in-the-middle attacks.
Reference document: Diffie – Hellman Key Exchange
Welcome to pay attention to wechat public number, make progress a little bit every day, Let’s go!
Only Alice knows,
Only Bob knows,
It’s public,
Is the final calculated shared key.
Only Alice knows,
Only Bob knows,
It’s public,
Is the final calculated shared key.And one of its generators
, a large prime number
;
That will be
Send to Bob;
That will be
Send to Alice;
To obtain the shared key
To obtain the shared key
And one of its generators
, a large prime number
;
That will be
Send to Bob;
That will be
Send to Alice;
To obtain the shared key
To obtain the shared keyBecause groups are commutative, it involves number theory and algebra. Both Alice and Bob negotiate
Because groups are commutative, it involves number theory and algebra. Both Alice and Bob negotiate