DiffieHellman (Diffie - Hellman) key exchange algorithm theory and its implementation

This paper reference source https://segmentfault.com/a/1190000010917737 and https://zh.wikipedia.org/wiki/%E6%A8%A1%E9%99%A4   and  https://www.cnblogs.com /DarkValkyrie/p/10962231.html  (basic formula of this article chiefs of great help)

 What is the Diffie-Hellman key exchange algorithm?

　　Diffie-Hellman: for sharing KEY ensure security across non-secure networks, it is an integral part of OAKLEY. Whitefield and Martin Hellman in 1976 presented a wonderful key exchange protocol, called the Diffie-Hellman key exchange protocol / algorithm (Diffie-Hellman Key Exchange / Agreement Algorithm). This ingenious mechanism that requires both parties can communicate securely symmetric key is determined by this method. You can then use the encryption and decryption key. Note, however, the key exchange protocol / key exchange algorithm can be used, but not to encrypt and decrypt messages. The two sides determined to use the key, to use other symmetric key encryption algorithm operations to achieve encrypt and decrypt messages.

 

Introduction algorithm modulo arithmetic rule ---

• Modulo operation with the four basic arithmetic somewhat similar, but the division exceptions. Its rules are as follows:

1. (a + b) % p = (a % p + b % p) % p （1）
2. (a - b) % p = (a % p - b % p) % p （2）
3. (a * b) % p = (a % p * b % p) % p （3）
4. a ^ b % p = ((a % p)^b) % p （4）

• Associative law:

1. ((a+b) % p + c) % p = (a + (b+c) % p) % p （5）
2. ((a*b) % p * c)% p = (a * (b*c) % p) % p （6）

• Commutative:

1. (a + b) % p = (b+a) % p （7）
2. (a * b) % p = (b * a) % p （8）

• Distributive law:

1. (a+b) % p = ( a % p + b % p ) % p （9）
2. ((a +b)% p * c) % p = ((a * c) % p + (b * c) % p) % p （10）

 

First DiffieHellman key exchange algorithm number theory foundation

  1.(a^Xa mod p)^Xb mod p = a^(Xa * Xb) mod p

  2. Equivalence modulo operation and commutativity

    1>. (A mod n) mod n = a mod n Equivalence

    2>. a ^ b % p = ((a % p)^b) % p

 Algorithm principle:

    1. Assuming the client, the server selection of two primes a, p (openly), then

• Client: a natural number selected Xa, Ya = a ^ Xa mod p, Ya and transmits to the server;

• Server: selecting a natural number Xb, Yb = a ^ Xb mod p, and sends to the client Yb;

• Client: calculated Ka = Yb ^ Xa mod p

• Server: computing Kb = Ya ^ Xb mod p

​The derivation process

    Ka = Yb ^ Send mod p

          = (a^Xb mod p)^Xa mod p 

                 ==> (A ^ Xb  MOD P) ^ Xa  MOD P of the equation can be split into four (a ^ Xb) ^ Xa mod p

          = a^(Xb * Xa) mod p

          = (a^Xa mod p)^Xb mod p

          = Ya ^ Xb mod p

          = Kb

We can see, even though the client, the server does not know each other in each other's Xa, Xb, but to calculate the equivalent secret.

Code Example Nodejs

As mentioned previously in conjunction with the following summary of the code view, which is one of the points client, server use the same prime number a, p.

 

the require Crypto = var ( 'Crypto'); 

var primeLength = 1024; // length prime p 
var generator = 5; // A prime 
// create client DH instance 
var = crypto.createDiffieHellman Client (primeLength, Generator); 
/ / generated public key pair, MOD Xa Ya = a ^ PVAr 
clientKey client.generateKeys = (); 
// Create instance DH server, using the client with the same prime number a, P 
var = crypto.createDiffieHellman Server (client. getPrime (), client.getGenerator ()); 
// generate public-private key pair, Xb Yb = A ^ P MOD 
var server.generateKeys ServerKey = (); 
// calculate ^ Xa Yb = MOD Ka of P 
var = Client clientSecret .computeSecret (server.getPublicKey ()); 
// calculate Ya ^ Xb = MOD Kb P 
var serverSecret = server.computeSecret (client.getPublicKey ());  
// Since the prime number p is generated dynamically, so that each print is not same
// but clientSecret === serverSecret
console.log(clientSecret.toString('hex'));
console.log(serverSecret.toString('hex'));

　　

 

​​​​