Diffie–Hellman key exchange
General overview[edit]

Illustration of the idea behind Diffie–Hellman key exchange
Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network. The following conceptual diagram illustrates the general idea of the key exchange by using colors instead of very large numbers.
The process begins by having the two parties, Alice and Bob, agree on an arbitrary starting color that does not need to be kept secret (but should be different every time[3]); in this example the color is yellow. Each of them selects a secret color that they keep to themselves. In this case, orange and blue-green. The crucial part of the process is that Alice and Bob now mix their secret color together with their mutually shared color, resulting in orange-tan and light-blue mixtures respectively, then publicly exchange the two mixed colors. Finally, each of the two mix together the color they received from the partner with their own private color. The result is a final color mixture yellow-brown that is identical to the partner's color mixture.
If a third party listened to the exchange, it would be computationally difficult for them to determine the secret colors. In fact, when using large numbers rather than colors, this action is computationally expensive for modern supercomputers to do in a reasonable amount of time.
Cryptographic explanation[edit]
The simplest and the original implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime, and g is a primitive root modulo p. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p–1. Here is an example of the protocol, with non-secret values in blue, and secret values in red.
- Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
- Alice chooses a secret integer a = 4, then sends Bob A = ga mod p
- A = 54 mod 23 = 4
- Bob chooses a secret integer b = 3, then sends Alice B = gb mod p
- B = 53 mod 23 = 10
- Alice computes s = Ba mod p
- s = 104 mod 23 = 18
- Bob computes s = Ab mod p
- s = 43 mod 23 = 18
- Alice and Bob now share a secret (the number 18).
Both Alice and Bob have arrived at the same value s, because, under mod p,
- {\displaystyle {\color {Blue}A}^{\color {Red}b}{\bmod {\color {Blue}p}}={\color {Blue}g}^{\color {Red}ab}{\bmod {\color {Blue}p}}={\color {Blue}g}^{\color {Red}ba}{\bmod {\color {Blue}p}}={\color {Blue}B}^{\color {Red}a}{\bmod {\color {Blue}p}}}
[8]
More specifically,
- {\displaystyle ({\color {Blue}g}^{\color {Red}a}{\bmod {\color {Blue}p}})^{\color {Red}b}{\bmod {\color {Blue}p}}=({\color {Blue}g}^{\color {Red}b}{\bmod {\color {Blue}p}})^{\color {Red}a}{\bmod {\color {Blue}p}}}
Note that only a, b, and (gab mod p = gba mod p) are kept secret. All the other values – p, g, ga mod p, and gb mod p – are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel.
Of course, much larger values of a, b, and p would be needed to make this example secure, since there are only 23 possible results of n mod 23. However, if p is a prime of at least 600 digits, then even the fastest modern computers cannot find a given only g, p and ga mod p. Such a problem is called the discrete logarithm problem.[3] The computation of ga mod p is known as modular exponentiation and can be done efficiently even for large numbers. Note that g need not be large at all, and in practice is usually a small integer (like 2, 3, ...).
Diffie–Hellman key exchange的更多相关文章
- 深入浅出Diffie–Hellman
一.作者 这个密钥交换方法,由惠特菲尔德·迪菲(Bailey Whitfield Diffie).马丁·赫尔曼(Martin Edward Hellman)于1976年发表. 二.说明 它是一种安全协 ...
- 浅析Diffie–Hellman
一.作者 这个密钥交换方法,由惠特菲尔德·迪菲(Bailey Whitfield Diffie).马丁·赫尔曼(Martin Edward Hellman)于1976年发表. 二.说明 它是一种安全协 ...
- Git 常见问题: unable to negotiate with *.*.*.*: no matching key exchange methodfound...
在Windows上更新了git 版本后,clone/pull时出现错误, unable to negotiate with *.*.*.*: no matching key exchange meth ...
- Navicat 用ssh通道连接时总是报错 (报错信息:SSH:expected key exchange group packet form serve
转:https://blog.csdn.net/qq_27463323/article/details/76830731 之前下了一个Navicat 11.0 版本 用ssh通道连接时总是报错 (报错 ...
- 连接远程数据库时出现 SSH: expected key exchange group packet from server / 2003 - Can't connect to MySQL server on 'XXX' (10038) / 1130 - Host 'XXX' is not allowed to connect to this MySQL server
昨天在自己的远程服务器上玩,把系统重装了.新装了MySQL,在本地用navicat连接的时候出了几个小问题. 问题一:SSH: expected key exchange group packet f ...
- git clone 报错Unable to negotiate with xxx.xxx.xxx.xxx port 12345: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
在执行git clone命令报错 Unable to negotiate with xxx.xxx.xxx.xxx port 12345: no matching key exchange metho ...
- 关于no matching key exchange method found. Their offer: diffie-hellman-group1-sha1的解决办法
原文链接:https://mycyberuniverse.com/error/no-matching-key-exchange-method-found-openssh7.html What caus ...
- 数据库连接出错 expected key exchange group packet form server
数据库连接出错 expected key exchange group packet form server SSH: expected key exchange group packet form ...
- no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
1. 使用git克隆项目报错 $ git clone ssh://liuchao@192.168.7.32:29418/platform/Midou Cloning into 'Midou'... U ...
随机推荐
- C++实现成绩管理模拟系统
C++实现基本的成绩管理系统 需求: 1-学生姓名等基本字段 2-学生成绩字段 3-实现成绩修改和基本统计输出 #include<iostream> #include<windows ...
- Holm–Bonferroni method
sklearn实战-乳腺癌细胞数据挖掘(博主亲自录视频) https://study.163.com/course/introduction.htm?courseId=1005269003&u ...
- 学习 C++的用途,(前辈总结)
C++准确说是一门中级语言,介于汇编和高级语言之间吧,要求程序员了解计算机的内部数据存储.个人认为,作为学生还是花功夫学C++,因为<设计模式><数据结构>这些课程基本上还是C ...
- 2017北京国庆刷题Day6 morning
期望得分:100+100+20=220 实际得分:100+100+20=220 模拟栈 #include<cstdio> #include<cstring> using nam ...
- 动态规划:双重DP
之前做过的传纸条那道题就是双重动态规划的典型应用,题意就不描述了,直接贴一下以前写过的,经典代码 #include<iostream> using namespace std; ,maxm ...
- C11构造函数的改善
1.委托构造函数 委托构造函数就是允许在同一个类中一个构造函数可以调用另一个构造函数,从而在初始化时简化变量的初始化. class CTest { public: int x; int y; int ...
- Bayesian optimisation for smart hyperparameter search
Bayesian optimisation for smart hyperparameter search Fitting a single classifier does not take long ...
- Fire Net(深度优先搜索)
ZOJ Problem Set - 1002 Fire Net Time Limit: 2 Seconds Memory Limit: 65536 KB Suppose that we ha ...
- [\u4e00-\u9fa5] //匹配中文字符
[\u4e00-\u9fa5] //匹配中文字符 ^[1-9]\d*$ //匹配正整数^[A-Za-z]+$ //匹配由26个英文字母组成的字符串^[A-Z]+$ //匹配由26 ...
- hdu 5326 Work(杭电多校赛第三场)
题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5326 Work Time Limit: 2000/1000 MS (Java/Others) M ...