📄 22-01.html
字号:
<!-- END SUB HEADER -->
<!--Begin Content Column -->
<FONT FACE="Arial,Helvetica" SIZE="-1">
To access the contents, click the chapter and section titles.
</FONT>
<P>
<B>Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Bruce Schneier
<BR>
ISBN: 0471128457
<BR>
Publication Date: 01/01/96
</FONT>
<P>
<form name="Search" method="GET" action="http://search.earthweb.com/search97/search_redir.cgi">
<INPUT TYPE="hidden" NAME="Action" VALUE="Search">
<INPUT TYPE="hidden" NAME="SearchPage" VALUE="http://search.earthweb.com/search97/samples/forms/srchdemo.htm">
<INPUT TYPE="hidden" NAME="Collection" VALUE="ITK">
<INPUT TYPE="hidden" NAME="ResultTemplate" VALUE="itk-full.hts">
<INPUT TYPE="hidden" NAME="ViewTemplate" VALUE="view.hts">
<font face="arial, helvetica" size=2><b>Search this book:</b></font><br>
<INPUT NAME="queryText" size=50 VALUE=""> <input type="submit" name="submitbutton" value="Go!">
<INPUT type=hidden NAME="section_on" VALUE="on">
<INPUT type=hidden NAME="section" VALUE="http://www.itknowledge.com/reference/standard/0471128457/">
</form>
<!-- Empty Reference Subhead -->
<!--ISBN=0471128457//-->
<!--TITLE=APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C//-->
<!--AUTHOR=Bruce Schneier//-->
<!--PUBLISHER=Wiley Computer Publishing//-->
<!--CHAPTER=22//-->
<!--PAGES=513-516//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="../ch21/21-04.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="22-02.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H2><A NAME="Heading1"></A><FONT COLOR="#000077">Chapter 22<BR>Key-Exchange Algorithms
</FONT></H2>
<H3><A NAME="Heading2"></A><FONT COLOR="#000077">22.1 Diffie-Hellman</FONT></H3>
<P>Diffie-Hellman was the first public-key algorithm ever invented, way back in 1976 [496]. It gets its security from the difficulty of calculating discrete logarithms in a finite field, as compared with the ease of calculating exponentiation in the same field. Diffie-Hellman can be used for key distribution—Alice and Bob can use this algorithm to generate a secret key—but it cannot be used to encrypt and decrypt messages.
</P>
<P>The math is simple. First, Alice and Bob agree on a large prime, <I>n</I> and <I>g,</I> such that <I>g</I> is primitive mod <I>n.</I> These two integers don’t have to be secret; Alice and Bob can agree to them over some insecure channel. They can even be common among a group of users. It doesn’t matter.</P>
<P>Then, the protocol goes as follows:</P>
<DL>
<DD><B>(1)</B> Alice chooses a random large integer <I>x</I> and sends Bob
<DL>
<DD><I>X</I> = <I>g<SUP>x</SUP></I> mod <I>n</I>
</DL>
<DD><B>(2)</B> Bob chooses a random large integer <I>y</I> and sends Alice
<DL>
<DD><I>Y</I> = <I>g</I><SUP>y</SUP> mod <I>n</I>
</DL>
<DD><B>(3)</B> Alice computes
<DL>
<DD><I>k</I> = <I>Y<SUP>x</SUP></I> mod <I>n</I>
</DL>
<DD><B>(4)</B> Bob computes
<DL>
<DD><I>k´</I> = <I>X</I><SUP>y</SUP> mod <I>n</I>
</DL>
</DL>
<P>Both <I>k</I> and <I>k´</I> are equal to <I>g</I><SUP>xy</SUP> mod <I>n.</I> No one listening on the channel can compute that value; they only know <I>n, g, X,</I> and <I>Y.</I> Unless they can compute the discrete logarithm and recover <I>x</I> or <I>y,</I> they do not solve the problem. So, <I>k</I> is the secret key that both Alice and Bob computed independently.</P>
<P>The choice of <I>g</I> and <I>n</I> can have a substantial impact on the security of this system. The number (<I>n</I> - 1)/2 should also be a prime [1253]. And most important, <I>n</I> should be large: The security of the system is based on the difficulty of factoring numbers the same size as <I>n.</I> You can choose any <I>g,</I> such that <I>g</I> is primitive mod <I>n;</I> there’s no reason not to choose the smallest <I>g</I> you can—generally a one-digit number. (And actually, <I>g</I> does not have to be primitive; it just has to generate a large subgroup of the multiplicitive group mod <I>n.</I>)</P>
<P><FONT SIZE="+1"><B><I>Diffie-Hellman with Three or More Parties</I></B></FONT></P>
<P>The Diffie-Hellman key-exchange protocol can easily be extended to work with three or more people. In this example, Alice, Bob, and Carol together generate a secret key.
</P>
<DL>
<DD><B>(1)</B> Alice chooses a random large integer <I>x</I> and sends Bob
<DL>
<DD><I>X</I> = <I>g<SUP>x</SUP></I> mod <I>n</I>
</DL>
<DD><B>(2)</B> Bob chooses a random large integer <I>y</I> and sends Carol
<DL>
<DD><I>Y</I> = <I>g</I><SUP>y</SUP> mod <I>n</I>
</DL>
<DD><B>(3)</B> Carol chooses a random large integer <I>z</I> and sends Alice
<DL>
<DD><I>Z</I> = <I>g</I><SUP>z</SUP> mod <I>n</I>
</DL>
<DD><B>(4)</B> Alice sends Bob
<DL>
<DD><I>Z´</I> = <I>Z</I><SUP>x</SUP> mod <I>n</I>
</DL>
<DD><B>(5)</B> Bob sends Carol
<DL>
<DD><I>X´</I> = <I>X</I><SUP>y</SUP> mod <I>n</I>
</DL>
<DD><B>(6)</B> Carol sends Alice
<DL>
<DD><I>Y´</I> = <I>Y</I><SUP><I>z</I></SUP> mod <I>n</I>
</DL>
<DD><B>(7)</B> Alice computes
<DL>
<DD><I>k</I> = <I>Y</I>´<SUP><I>x</I></SUP> mod <I>n</I>
</DL>
<DD><B>(8)</B> Bob computes
<DL>
<DD><I>k</I> = <I>Z</I>´<SUP><I>y</I></SUP> mod <I>n</I>
</DL>
<DD><B>(9)</B> Carol computes
<DL>
<DD><I>k</I> = <I>X</I>´<SUP><I>z</I></SUP> mod <I>n</I>
</DL>
</DL>
<P>The secret key, <I>k,</I> is equal to g<SUP>xyz</SUP> mod <I>n,</I> and no one else listening in on the communications can compute that value. The protocol can be easily extended to four or more people; just add more people and more rounds of computation.</P>
<P><FONT SIZE="+1"><B><I>Extended Diffie-Hellman</I></B></FONT></P>
<P>Diffie-Hellman also works in commutitive rings [1253]. Z. Shmuley and Kevin McCurley studied a variant of the algorithm where the modulus is a composite number [1442,1038]. V. S. Miller and Neal Koblitz extended this algorithm to elliptic curves [1095,867]. Taher ElGamal used the basic idea to develop an encryption and digital signature algorithm (see Section 19.6).
</P>
<P>This algorithm also works in the Galois field GF(2<SUP>k</SUP>) [1442,1038]. Some implementations take this approach [884,1631,1632], because the computation is much quicker. Similarly, cryptanalytic computation is equally fast, so it is important to carefully choose a field large enough to ensure security.</P>
<P><FONT SIZE="+1"><B><I>Hughes</I></B></FONT></P>
<P>This variant of Diffie-Hellman allows Alice to generate a key and send it to Bob [745].
</P>
<DL>
<DD><B>(1)</B> Alice chooses a random large integer <I>x</I> and generates
<DL>
<DD><I>k</I> = <I>g</I><SUP><I>x</I></SUP> mod <I>n</I>
</DL>
<DD><B>(2)</B> Bob chooses a random large integer <I>y</I> and sends Alice
<DL>
<DD><I>Y</I> = <I>g<SUP>y</I></SUP> mod <I>n</I>
</DL>
<DD><B>(3)</B> Alice sends Bob
<DL>
<DD><I>X</I> = <I>Y<SUP>x</I></SUP> mod <I>n</I>
</DL>
<DD><B>(4)</B> Bob computes
<DL>
<DD><I>z</I> = <I>y</I><SUP>-1</SUP>
<DD><I>k´</I> = <I>X<SUP>z</I></SUP> mod <I>n</I>
</DL>
</DL>
<P>If everything goes correctly, <I>k</I> = <I>k´</I>.</P>
<P>The advantage of this protocol over Diffie-Hellman is that <I>k</I> can be computed before any interaction, and Alice can encrypt a message using <I>k</I> prior to contacting Bob. She can send it to a variety of people and interact with them to exchange the key individually later.</P>
<P><FONT SIZE="+1"><B><I>Key Exchange without Exchanging Keys</I></B></FONT></P>
<P>If you have a community of users, each could publish a public key, <I>X</I> = <I>g<SUP>x</I></SUP> mod <I>n,</I> in a common database. If Alice wants to communicate with Bob, she just has to retrieve Bob’s public key and generate their shared secret key. She could then encrypt a message with that key and send it to Bob. Bob would retrieve Alice’s public key to generate the shared secret key.</P>
<P>Each pair of users would have a unique secret key, and no prior communication between users is required. The public keys have to be certified to prevent spoofing attacks and should be changed regularly, but otherwise this is a pretty clever idea.</P>
<P><FONT SIZE="+1"><B><I>Patents</I></B></FONT></P>
<P>The Diffie-Hellman key-exchange algorithm is patented in the United States [718] and Canada [719]. A group called Public Key Partners (PKP) licenses the patent, along with other public-key cryptography patents (see Section 25.5). The U.S. patent will expire on April 29, 1997.
</P><P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="../ch21/21-04.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="22-02.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
[an error occurred while processing this directive]
<!-- all of the reference materials (books) have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- BEGIN SUB FOOTER --> <br><br> </TD> </TR> </TABLE> <table width="640" border=0 cellpadding=0 cellspacing=0> <tr> <td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td> <!-- END SUB FOOTER -->
<!-- all of the books have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- FOOTER --> <td width="515" align="left" bgcolor="#FFFFFF"><font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a> | <a href="/contactus.html"><font color="#006666">Contact Us</font></a> | <a href="/aboutus.html"><font color="#006666">About Us</font></a> | <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> | <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> | <a href="/"><font color="#006666">Home</font></a></b> <br><br> Use of this site is subject to certain <a href="/agreement.html">Terms & Conditions</a>, <a href="/copyright.html">Copyright © 1996-1999 EarthWeb Inc.</a><br> All rights reserved. Reproduction whole or in part in any form or medium without express written permision of EarthWeb is prohibited.</font><p></td> </tr></table></BODY></HTML><!-- END FOOTER -->
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -