Diffie–Hellman key exchange
=== Triple Diffie–Hellman (3-DH) ===
In 1997 a kind of triple DH was proposed by Simon Blake-Wilson, Don Johnson and Alfred Menezes,<ref>{{citation|last1=Blake-Wilson|first1=Simon|chapter=Key Agreement Protocols and their Security Analysis|year=1997|last2=Johnson|first2=Don|last3=Menezes|first3=Alfred|title=Crytography and Coding |series=Lecture Notes in Computer Science |volume=1355 |pages=30–45 |citeseerx=10.1.1.25.387|doi=10.1007/BFb0024447|isbn=978-3-540-63927-5 }}</ref> which was improved by C. Kudla and K. G. Paterson in 2005<ref>{{cite book|last1=Kudla|first1=Caroline|last2=Paterson|first2=Kenneth G.|title=Advances in Cryptology - ASIACRYPT 2005 |chapter=Modular Security Proofs for Key Agreement Protocols |year=2005|editor-last=Roy|editor-first=Bimal|series=Lecture Notes in Computer Science|volume=3788 |language=en|location=Berlin, Heidelberg|publisher=Springer|pages=549–565|doi=10.1007/11593447_30|isbn=978-3-540-32267-2 |doi-access=free|url=https://iacr.org/archive/asiacrypt2005/546/546.pdf}}</ref> and shown to be secure.

The long-term secret keys of Alice and Bob are denoted by ''a'' and ''b'' respectively, with public keys ''A'' and ''B''; the ephemeral key pairs are (''x'', ''X'') and (''y'', ''Y''). The protocol is then:

{| class="wikitable"
|+ Triple Diffie–Hellman (3-DH) protocol
! Alice (<math>A = g^a</math>)
!
! Bob (<math>B = g^b</math>)
|-
| <math>X = g^x</math>
| <math>X \rightarrow {}</math>
|
|-
|
| <math>{} \leftarrow Y</math>
| <math>Y = g^y</math>
|-
| <math>K = \operatorname{KDF}\left( Y^x,\, B^x,\, Y^a,\, X,\, Y,\, A,\, B \right)</math>
|
| <math>K = \operatorname{KDF}\left( X^y,\, X^b,\, A^y,\, X,\, Y,\, A,\, B \right)</math>
|}

The long-term public keys need to be transferred somehow. That can be done beforehand over a separate, trusted channel, or the public keys can be encrypted using some partial key agreement to preserve anonymity.
For further details and other improvements, such as [[Side-channel attack|side channel protection]], explicit [[Key (cryptography)|key confirmation]], early messages and additional password authentication, see e.g. the US patent "Advanced modular handshake for key agreement and optional authentication".<ref>{{cite patent|number=US11025421B2|title=Advanced modular handshake for key agreement and optional authentication|gdate=2021-06-01|invent1=Fay|inventor1-first=Bjorn|url=https://patents.google.com/patent/US11025421B2/en?oq=11025421}}</ref>
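
As an added illustration (not taken from the cited papers or the patent), the following Python code carries out the computations in the 3-DH table for both parties and shows that a responder without Bob's long-term secret ''b'' derives a different key. The group (prime 2<sup>255</sup> − 19, generator 2), the SHA-256 stand-in for KDF, the public-value range check and all function names are assumptions chosen for the demonstration.

```python
import hashlib
import secrets

# Demonstration group (assumption, not from the article): p = 2**255 - 19, g = 2.
P = 2**255 - 19
G = 2

def keypair():
    """Return (secret, public) with public = g^secret mod p."""
    sk = secrets.randbelow(P - 3) + 2          # secret in 2 .. p-2
    return sk, pow(G, sk, P)

def check_public(v):
    """Reject received values outside 2 .. p-2 (the trivial elements 0, 1, p-1)."""
    if not 1 < v < P - 1:
        raise ValueError("invalid public value")
    return v

def kdf(*values):
    """Stand-in KDF (assumption): SHA-256 over fixed-width big-endian encodings."""
    h = hashlib.sha256()
    for v in values:
        h.update(v.to_bytes(32, "big"))
    return h.digest()

def alice_key(a, x, A, X, B, Y):
    """Alice's side of the table: K = KDF(Y^x, B^x, Y^a, X, Y, A, B)."""
    check_public(B)
    check_public(Y)
    return kdf(pow(Y, x, P), pow(B, x, P), pow(Y, a, P), X, Y, A, B)

def bob_key(b, y, A, X, B, Y):
    """Bob's side of the table: K = KDF(X^y, X^b, A^y, X, Y, A, B)."""
    check_public(A)
    check_public(X)
    return kdf(pow(X, y, P), pow(X, b, P), pow(A, y, P), X, Y, A, B)

def run_handshake():
    """Run one exchange; return (Alice's K, Bob's K, K of a responder lacking b)."""
    a, A = keypair()                           # long-term key pairs
    b, B = keypair()
    x, X = keypair()                           # ephemeral key pairs
    y, Y = keypair()
    k_alice = alice_key(a, x, A, X, B, Y)
    k_bob = bob_key(b, y, A, X, B, Y)
    wrong_b, _ = keypair()                     # responder claims B without knowing b
    k_wrong = bob_key(wrong_b, y, A, X, B, Y)
    return k_alice, k_bob, k_wrong
```

The mismatch in the third key comes from the term ''X''<sup>''b''</sup>, which Alice computes as ''B''<sup>''x''</sup> and which cannot be formed without either ''b'' or ''x''.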