Diffie-Hellman Assignment I Never Finished from Week 1

Hi all! I still want to finish the assignment from Week 1.

I’ll use this plain-English description of Diffie-Hellman from https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english:

  1. I come up with two prime numbers g and p and tell you what they are.

Let’s say g = 503 and p = 98764321261 for some reason.

  2. You then pick a secret number (a), but you don’t tell anyone. Instead you compute g^a mod p and send that result back to me. (We’ll call that A since it came from a).

Here’s where you compute and share a value for A! Please reply to this post with your value for A!

  3. I do the same thing, but we’ll call my secret number b and the computed number B. So I compute g^b mod p and send you the result (called "B")

Done! B = (g ^ b) % p = 46659981003

  4. Now, you take the number I sent you and do the exact same operation with it. So that’s B^a mod p.

And that’s how you get our shared secret. Note that it’s lower case a, your secret value.

  5. I do the same operation with the result you sent me, so: A^b mod p.

And that’s how I get our shared secret.

Awesome! Let’s do it. Online. Right now.


You have almost all the information you need - you just need an agreement now to create your large “prime” number. I was imagining people would use their two public keys as g and p as it’s something you both know and is easy to find and you both have a secret number to use (the private key) - I’m not sure if this makes sense or creates a security risk - I guess the only issue is to decide who becomes g and who becomes p - perhaps alphabetical by name.
Makes sense? I’m not 100% on this

Unless I’m misunderstanding it, I think it’s much simpler than that!

Diffie-Hellman Shared Secret

g = 503 = 503
p = 929 = 929

My Secret and Shared Intermediate
bpriv = 6 = 6
Bpub = (g^bpriv) mod p = 45

Your Secret and Shared Intermediate
apriv = 7 = 7
Apub = (g^apriv) mod p = 339

Our Shared Secret
yourSharedSecret = (Bpub ^ apriv) mod p = 648
mySharedSecret = (Apub ^ bpriv) mod p = 648

Why don’t we try it, Bilal!
Let’s say that g = 521 and p = 937

I’ll calculate my B value per the description above. Note that I’m using much smaller numbers here because I did the math and my calculator program gets an error if I use much higher numbers. It’s a bit of an art to pick a secure combination, I’d imagine.

B = (g^b) mod p = 488

Now, if you calculate and share your A value with me, calculated as (g^a) mod p where a is your secret value, then I can get our shared secret with (A^b) mod p using my secret b! Cool.

So get me your intermediate public value and let’s calculate our super shared secret!

At first I thought I misunderstood it, because if g, p and the result of g^b mod p are available, then the attacker would be able to easily guess b… which is true if the numbers are small like the ones here. But in reality, you’d have to brute force it! I’d say that it’s true that this method seems like it would be safe to publicly post g and p while sharing the intermediate value given sufficiently high values.
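
The brute-force point in the last post, as an added example that is not part of the original thread: a Python sketch that runs the exchange with the thread's g = 503, p = 929 values and then recovers both private exponents by exhaustive search from the public values alone, which works only because p is tiny. The function names are assumptions made for this example.

```python
"""Toy Diffie-Hellman with the thread's small parameters (added example)."""


def dh_public(g, p, priv):
    # Three-argument pow() reduces mod p at every step, so it never builds the
    # huge integer g**priv. That is why it also copes with the 11-digit p from
    # the first post, where a plain calculator overflows.
    return pow(g, priv, p)


def dh_shared(peer_pub, p, priv):
    # Same operation, applied to the other party's public value.
    return pow(peer_pub, priv, p)


def brute_force_exponent(g, p, pub):
    """Smallest x in [1, p-1] with g^x mod p == pub, found by trying them all.

    The loop costs about p multiplications: instant for p = 929, hopeless for
    a modulus of realistic size (2048 bits or more).
    """
    acc = 1
    for x in range(1, p):
        acc = (acc * g) % p
        if acc == pub:
            return x
    return None


def demo():
    g, p = 503, 929            # public parameters posted in the thread
    a_priv, b_priv = 7, 6      # the two secrets posted in the thread
    a_pub = dh_public(g, p, a_priv)
    b_pub = dh_public(g, p, b_priv)
    secret_a = dh_shared(b_pub, p, a_priv)
    secret_b = dh_shared(a_pub, p, b_priv)
    # An observer sees only g, p, a_pub and b_pub, and still gets both secrets.
    found_a = brute_force_exponent(g, p, a_pub)
    found_b = brute_force_exponent(g, p, b_pub)
    return a_pub, b_pub, secret_a, secret_b, found_a, found_b


if __name__ == "__main__":
    print(demo())
    # Constructed secret, only to show the large modulus is no problem for pow().
    print(dh_public(503, 98764321261, 123456789))
```
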