Questions tagged [diffie-hellman]
The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.
1,088
questions
1
vote
2
answers
193
views
Why using q = (p - 1)/2 for discrete log Diffie-Hellman scalar operations and not p?
As defined in RFC 3526 the prime $p$ and generator $g$ are known. The prime $p$ defined there is a safe prime, which can also be expressed as $p=2q+1$ with $q$ prime. The amount of elements in this ...
- 121
1
vote
1
answer
162
views
DH Encrypt by XOR
I'm working in the Curve25519 domain (EC curve, 256-bit key size).
I have a peer pubkey, and need to send it an encrypted message.
For starters we create a "nonce" (ephemeral key), and use ...
- 359
1
vote
1
answer
288
views
How do I find the order of the subgroup in a Diffie-Hellman key exchange?
I'm implementing the Diffie-Hellman key exchange as specified in RFC 4253 for SSH.
Here's an extract from the RFC:
The following steps are used to exchange a key. In this, C is the client; S is the ...
1
vote
0
answers
50
views
Proof that Inverse CDH and Square CDH are equivalent
I am trying to prove said equivalence, but when proving SCDH -> ICDH using a reduction, I get stuck since I don't know how to compute $g^{x^2}$ starting from $g^{x^{-1}}$.
Suppose exists $A_{ICDH}$ ...
1
vote
0
answers
62
views
Is the following Inverse Computational co-Diffie-Hellman problem hard?
Let $\langle g \rangle \stackrel{\Delta}{=} \mathbb{G}$ and $\langle h \rangle \stackrel{\Delta}{=} \mathbb{H}$ be groups of prime order $p$. Given $( p, g, g^\delta, g^{\delta^{-1}}, h, h^\delta )$, ...
0
votes
0
answers
17
views
Safety per bit DHKA and ECDH
I have a project where I compare the classical Diffie Hellman key agreement with its implementation with elliptic curves. Therefore I need a list with the safety per bit. Does anyone know where I can ...
- 1
0
votes
0
answers
32
views
Is the MITM protection provided by BLE LESC passkey mechanism bidirectional?
I'm trying to understand whether the passkey mechanism described in BLE LESC pairing provides bidirectional MITM protection.
As far as I understand, A and B will generate the same shared secret using ...
0
votes
1
answer
65
views
diffie hellman key exchange compared with ECDH [closed]
I have to write a paper about the Diffie Hellman key agreement. I want to focus on the implementation with elliptic curves and comparing the safety for selected attacks such as Pollards Rho and ...
- 1
0
votes
0
answers
38
views
How some auxiliary information influence the CDH assumption?
I am proposing a multi-party group-key agreement protocol in my paper, which can be seen as an extension of the classic Diffie Hellman bipartite group key agreement. However, how to formalize the ...
- 1
0
votes
1
answer
47
views
Is shared secret and SKEYID are same in the IPSec?
I want to know that, is shared secret and SKEYID are same in the IPSec? I knew that from SKEYID, three further keys are generated (derivative, authentication and encryption). But from where this ...
4
votes
2
answers
113
views
How do I solve a discrete log using pen paper for exam without bruteforcing it?
I have my Network Security finals. In elgamal cryptosystem, I am often encountering these equations like this
3 = (10^XA) mod 19
now everywhere I am finding only ...
- 141
6
votes
3
answers
4k
views
Why does it take longer to generate suitably large primes for Diffie-Hellman key exchange as opposed to for RSA encryption / decryption?
For RSA, we need two primes p and q to define N = pq. We will only look how long it takes to generate a prime for p because the process is similar for q.
From my lecture slides, my professor states ...
- 63
1
vote
1
answer
71
views
Is it possible to use Diffie-Hellman protocol for symmetric group?
I was asked this question during one of my first cryptography classes, and I'm not sure if I understand it correctly. To begin, I know that after using the Diffie-Hellman protocol (which itself is ...
- 11
1
vote
1
answer
80
views
What's the difference between these two attacks?(Lim Lee and Sub group) I am a beginner can someone explain in detail?
I am reading collin boyd textbook to learn MTI key agreement and various attacks on them . I encountered two such attacks called Small sub group attack and Lim-Lee attack where in
Small sub group ...
- 11
0
votes
0
answers
36
views
Sending public key trough untrusted server
I am developing end-to-end encrypted chat system (which is open-source). When I want to give other client my public key, I need to send it trough server, right? I want to make sure no one can edit the ...
- 1