2

In the context of this data, as shown in the image below, which one is a pre-master-secret and which one is a master-secret? It looks to me as if the final value of 2 for Alice and Bob is a master-secret, which can then be used for creating a symmetric key (AES). Am I right?

  1. Alice and Bob agree to use a prime number $p=23$ and base $g=5$.
  2. Alice chooses a secret integer $a=6$, then sends Bob $A=g^a\mod p$
    • $A=5^6\mod 23$
    • $A=15,625\mod 23$
    • $A=8$
  3. Bob chooses a secret integer $b=15$, then sends Alice $B=g^b\mod p$
    • $B=5^{15}\mod 23$
    • $B=30,517,578,125\mod 23$
    • $B=19$
  4. Alice computes $s=B^a\mod p$
    • $s=19^6\mod 23$
    • $s=47,045,881\mod 23$
    • $s=2$
  5. Bob computes $s=A^b\mod p$
    • $s=8^{15}\mod 23$
    • $s=35,184,372,088,832\mod 23$
    • $s=2$
  6. Alice and Bob now share a secret (the number $2$) because $6 \times 15$ is the same as $15 \times 6$.
Cryptographeur
Ali Gajani

1 Answer

6

The protocol outlined in the question is Diffie-Hellman key exchange with artificially small $p$. Beware that one thing is misleading in this exposition: for $p$ of practical interest, that is of some thousand(s) of bits, when computing $g^a\bmod p$, one does not compute $g^a$ and then reduce $\bmod p$ as shown, because $g^a$ is too huge. Instead, one reduces $\bmod p$ (at least) after each multiplication. Approximately ${3\over 2}\cdot\log_2a$ modular multiplications are performed in the simplest algorithm used in practice.

Thanks to poncho's comment, we know that the terms premaster secret and master secret are used in TLS, as:

8.1. Computing the Master Secret

For all key exchange methods, the same algorithm is used to convert the pre_master_secret into the master_secret. The pre_master_secret should be deleted from memory once the master_secret has been computed.

  master_secret = PRF(pre_master_secret, "master secret",
                      ClientHello.random + ServerHello.random)
                      [0..47];

The master secret is always exactly 48 bytes in length. The length of the premaster secret will vary depending on key exchange method.

8.1.1. RSA

When RSA is used for server authentication and key exchange, a 48-byte pre_master_secret is generated by the client, encrypted under the server's public key, and sent to the server. The server uses its private key to decrypt the pre_master_secret. Both parties then convert the pre_master_secret into the master_secret, as specified above.

8.1.2. Diffie-Hellman

A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above. Leading bytes of Z that contain all zero bits are stripped before it is used as the pre_master_secret.

Note: Diffie-Hellman parameters are specified by the server and may be either ephemeral or contained within the server's certificate.


Thus, in the protocol of the question, which can be seen as a reduced example of Diffie-Hellman as it would be used in TLS, $s$ is the pre_master_secret; the master_secret would be derived from it.

fgrieu
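The two points of the answer above, as an added example that is not part of the original question or answer: exponentiation that reduces $\bmod p$ after every multiplication, and the step from the Diffie-Hellman result (the pre_master_secret) to a 48-byte master_secret. It assumes the TLS 1.2 PRF (P_SHA256, RFC 5246 section 5), since the quoted text does not say which hash the PRF uses; the function names and the two 32-byte random values are constructed for illustration.

```python
import hashlib
import hmac

def modexp(g, e, p):
    """Square-and-multiply, reducing mod p after every multiplication.
    Returns (g**e mod p, number of modular multiplications performed)."""
    result, mults = 1, 0
    for bit in bin(e)[2:]:               # exponent bits, most significant first
        result = result * result % p     # square
        mults += 1
        if bit == "1":
            result = result * g % p      # multiply
            mults += 1
    return result, mults

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(z, p, client_random, server_random):
    """Z is the pre_master_secret: encode, strip leading zero bytes, run PRF."""
    pre_master = z.to_bytes((p.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)

def demo():
    p, g, a, b = 23, 5, 6, 15            # toy values from the question
    A, _ = modexp(g, a, p)
    B, _ = modexp(g, b, p)
    s_alice, _ = modexp(B, a, p)
    s_bob, _ = modexp(A, b, p)
    # Constructed 32-byte randoms; a real handshake uses fresh random values.
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))
    ms_alice = master_secret(s_alice, p, client_random, server_random)
    ms_bob = master_secret(s_bob, p, client_random, server_random)
    return A, B, s_alice, s_bob, ms_alice, ms_bob

if __name__ == "__main__":
    A, B, s_alice, s_bob, ms_alice, ms_bob = demo()
    print("A =", A, "B =", B, "pre_master_secret Z =", s_alice, s_bob)
    print("master_secret =", ms_alice.hex(), "match:", ms_alice == ms_bob)
```

With the question's numbers both sides obtain $Z=2$, a one-byte pre_master_secret, and the same 48-byte master_secret; the multiplication count returned by `modexp` stays at most twice the bit length of the exponent.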