Questions tagged [diffie-hellman]

The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol. U.S. Patent 4,200,770, from 1977 (now expired) describes the algorithm. It credits Hellman, Diffie, and Merkle as inventors.

DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography and provides the basis for a variety of authenticated protocols. For example, DH is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite). The Diffie–Hellman key agreement was followed shortly afterwards by RSA, an implementation of public key cryptography using asymmetric algorithms.

1120 questions
57 votes, 2 answers

ECDSA vs ECIES vs ECDH

Recently I started studying Elliptic Curve Cryptography and I just loved it. I want to transfer some big data (like 3KB). What is the best method, ECDSA, ECIES, or ECDH (and why)? I am confused, how should I choose between ECDSA, ECIES and ECDH?
51 votes, 5 answers

Can one generalize the Diffie-Hellman key exchange to three or more parties?

Does anyone know how to do a Diffie-Hellman or ECDH key exchange with more than two parties? I know how to do a key exchange between 2 parties, but I need to be able to have a key agreement between 3 or more parties.
hobeau
47 votes, 2 answers

What's the fundamental difference between Diffie-Hellman and RSA?

What is the difference in the purpose of DH and RSA? Aren't they both public-key encryption?
user541686
41 votes, 2 answers

What's the difference between RSA and Diffie-Hellman?

I've been reading the same thing on a lot of websites: RSA is for communication using the public and private key for both the server and client, whereas Diffie-Hellman is just for exchanging the same secret key that will then be used for both…
user3407319
35 votes, 7 answers

Is Diffie-Hellman mathematically the same as RSA?

Is the Diffie-Hellman key exchange the same as RSA? Diffie-Hellman allows key exchange on an observed wire – but so can RSA. Alice and Bob want to exchange a key – Big brother is watching everything. Bob makes a fresh RSA key pair and sends his…
joe armstrong
34 votes, 1 answer

Does the generator size matter in Diffie-Hellman?

For the Diffie-Hellman protocol I've heard that the generator 3 is as safe as any other generator. Yet, 32-bit or 256-bit exponents are sometimes used as generators. What is the benefit of using these very large generators if they are just as safe…
jnm2
34 votes, 1 answer

What is a ratchet?

While reading WhatsApp's Security Whitepaper I found the term "ratchet". What does it mean in cryptography? The Message Key is derived from a sender’s Chain Key that “ratchets” forward with every message sent. Additionally, a new ECDH agreement…
M-elman
33 votes, 3 answers

For Diffie-Hellman, must g be a generator?

Due to a number of recently asked questions about Diffie-Hellman, I was thinking this morning: must $g$ in Diffie-Hellman be a generator? Recall the mathematics of Diffie-Hellman: Given public parameters $p$ (a large prime) and $g$ (always referred…
mikeazo
31 votes, 2 answers

How does a non-prime modulus for Diffie-Hellman allow for a backdoor?

Recently someone found that a Diffie-Hellman modulus used in a Unix tool (socat) was not prime. This led some people to shout "backdoor". What I don't understand is, how could this allow for a backdoor? I'm guessing the problem could be small…
David 天宇 Wong
29 votes, 2 answers

Using same keypair for Diffie-Hellman and signing

Are there any security risks using a single key-pair for both key-exchange and signing? I'm mainly interested in using Curve25519 for key-exchange and Ed25519 for signing. But similar combinations, such as EC-DH and EC-Schnorr or even EC-DSA with…
CodesInChaos
28 votes, 3 answers

How can I use SSL/TLS with Perfect Forward Secrecy?

I'm new to the field of cryptography, but I want to make the web a better web by setting up the sites that I host with Perfect Forward Secrecy. I have a list of questions regarding the setup of Perfect Forward Secrecy. Here it goes: Can my choice…
Clay Freeman
28 votes, 2 answers

Why is Diffie-Hellman considered in the context of public key cryptography?

In all textbooks I used, the Diffie-Hellman key exchange is under "public key cryptography". As far as I can see it is a method to exchange a key to be used with a symmetric cryptographic algorithm, so it falls very naturally in the area of symmetric…
Mr_and_Mrs_D
26 votes, 1 answer

How does ECDH arrive on a shared secret?

I read a brilliant, three-part article on Elliptic Curve cryptography (one, two, three). It was able to explain Elliptic Curves to me in a way that didn't require a math degree to understand. The crux of the article is in page two, namely, when…
Eddie
23 votes, 4 answers

What is the relation between Discrete Log, Computational Diffie-Hellman and Decisional Diffie-Hellman?

How are the three problems Discrete Logarithm, Computational Diffie-Hellman and Decisional Diffie-Hellman related? From my understanding, since the Discrete Log (DL) Problem is considered hard, then so is CDH. And since CDH is considered hard, then…
Bobby S
21 votes, 3 answers

How does one calculate a primitive root for Diffie-Hellman?

In the Diffie-Hellman key exchange, one of the steps involves calculating a primitive root of a prime number $p$. How would one go about doing so, considering that $p$ could be very large? Is there some sort of algorithm or equation?
yydl