# Diffie-Hellman Key Exchange Algorithm

Diffie-Hellman (DH) is a commonly used public key cryptosystem for two parties to generate a shared secret key using only publicly shared information.

It was invented in 1976 by Whitfield __Diffie__ and Martin __Hellman__.

The security of the DH scheme is based on the difficulty of computing discrete logarithms.

The scheme has 4 parts:
1. Defining public parameters of the scheme
2. Key pair generation
3. Exchange of public keys
4. Computation of shared secret key

## Defining Public Parameters

(1) Define a <font color=red>multiplicative group of integers modulo $p$</font>, for a large prime $p$.

> In modular arithmetic, the set of non-negative integers coprime to the integer $n$ from the set of integers $\{0, 1, 2, \ldots, n-1\}$ forms a __group__ under the arithmetic operation multiplication modulo $n$.

> This is called the _multiplicative group of integers modulo $n$_.

> If the modulus $n$ is a prime number, then the multiplicative group of integers modulo $n$ consists of the full set of non-zero integers $\{1, 2, \ldots, n-1\}$.

> The integers in this set are also called __residues modulo $n$__.

(2) Define $g$, which is a <font color=red>primitive root modulo $p$</font>.

> In modular arithmetic, an integer $g$ is a primitive root modulo $n$ if, for every integer $a_i$ coprime to $n$, there is some integer value $i$ that satisfies the congruence $a_i \equiv g^i \mod n$.

> This integer value $i$ is called the <font color=blue>__index__</font> or the __discrete logarithm of $a_i$ to the base $g$ modulo $n$__.

> If the modulus $n$ is a prime number, then there will be $n-1$ index values $i = 1,2,\ldots,n-1$ that _generate_ the set of values $\{1,2,\ldots,n-1\}$ in some order by the congruence $g^i \mod n$.

> Note that the value $0$ cannot be generated through exponentiation modulo a number and $g^0 \mod n$ is always equal to $1$.

> The integer $g$ is called a __generator__ of the multiplicative group of integers modulo $n$.

In [24]:
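def is_coprime(p,q):
    # Euclid's algorithm: p and q are coprime when their gcd is 1
    while q != 0:
        p, q = q, p%q
    return p==1

def find_G(n):
    # Collect the residues coprime to n (the multiplicative group modulo n)
    co_prime=[]
    for x in range(1,n):
        if(is_coprime(x,n)):
            co_prime.append(x)
    primes_set = set(co_prime)
    g=1
    count=0
    # Print the first 5 generators; stop at n so the search always terminates
    while(count<5 and g<n):
        temp = []
        for i in range(1,n):
            temp.append(pow(g, i, n))
        final_set = set(temp)
        # g is a generator if its powers cover every coprime residue
        if(primes_set==final_set):
            print("co_primes=",final_set)
            print("g=",g)
            count+=1
        g+=1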
        

In [25]:
# Let n be the modulus
n = 6
# Let g be the generator
g = 5
for i in range(1,5):
    print(i,g**i % n)

1 5
2 1
3 5
4 1


In [33]:
find_G(49)

co_primes= {1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48}
g= 3
co_primes= {1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48}
g= 5
co_primes= {1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48}
g= 10
co_primes= {1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48}
g= 12
co_primes= {1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48}
g= 17


In [27]:
n=6
c=[]
for x in range(1,n):
    if(is_coprime(x,n)):
        c.append(x)
print(c)

[1, 5]
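
The brute-force search in `find_G` enumerates every power of every candidate. As an added example (not part of the original notebook), the test below decides whether $g$ is a generator from the group order $\varphi(n)$ alone: $g$ generates the group exactly when $g^{\varphi(n)/q} \not\equiv 1 \pmod n$ for every prime $q$ dividing $\varphi(n)$. All function names are this example's own, and the trial-division factoring restricts it to small moduli.

```python
from math import gcd

def prime_factors(m):
    """Distinct prime factors of m, found by trial division (small m only)."""
    factors = set()
    d = 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors

def euler_phi(n):
    """Order of the multiplicative group of integers modulo n."""
    phi = n
    for q in prime_factors(n):
        phi -= phi // q
    return phi

def is_generator(g, n):
    """True if the powers of g reach every residue coprime to n."""
    if gcd(g, n) != 1:
        return False
    phi = euler_phi(n)
    # The order of g divides phi; it equals phi unless g^(phi/q) == 1
    # for some prime q dividing phi.
    return all(pow(g, phi // q, n) != 1 for q in prime_factors(phi))

def generators(n, limit=None):
    """Generators modulo n in increasing order (empty if the group is not cyclic)."""
    found = [g for g in range(1, n) if is_generator(g, n)]
    return found if limit is None else found[:limit]

if __name__ == "__main__":
    print(generators(49, limit=5))   # same moduli as the cells above
    print(generators(6))
    print(generators(8))             # no generator exists modulo 8
```

For a modulus such as $n = 8$ the group is not cyclic, so the list is empty.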


### <font color=red>Quick Exercise 1</font>

Define a generator for the multiplicative group of integers modulo $n$
1. $n = 5$
2. $n = 6$

_Make a note of your answers to these questions, as you will need to enter them as part of your CA quizzes._

In [23]:
# QUICK EXERCISE 1
n = 5
# BEGIN SOLUTION
# Let g be the generator
g = 2
for i in range(1,5):
    print(i,g**i % n)
print()
# END SOLUTION

n = 6
# BEGIN SOLUTION
# Let g be the generator
g = 5
for i in range(1,3):
    print(i,g**i % n)
# END SOLUTION

1 2
2 4
3 3
4 1

1 5
2 1


## Key Pair Generation

Let the DH key exchange protocol execute between two parties __A__lice and __B__ob.

> Let Alice and Bob agree on a multiplicative group of integers modulo $p$ where $p$ is a large prime modulus and $g$ a generator of the group.

> Let Alice choose at random a secret integer <font color=red>$a$</font> from the multiplicative group of integers modulo $p$ and compute the value <font color=blue>$A = g^a \mod p$</font>.

> The secret key of Alice is $a$ and the public key is $A$.

> Similarly, Bob will choose at random a secret integer <font color=red>$b$</font> and compute the value <font color=blue>$B = g^b \mod p$</font>.

> The secret key of Bob is $b$ and the public key is $B$.

## Exchange of Public Keys

Alice and Bob must have a secure method of exchanging their public keys ensuring the authenticity of received public keys.

For example, participants may
1. Use a trusted public key server
2. Individually exchange public keys
3. Use digital certificates

## Shared Secret Key Generation

Alice will compute the shared secret key $k$ as $B^a \mod p$ using her secret key and Bob's public key $B$.

$k = B^a \mod p$
> $= (g^b \mod p)^a \mod p$

> $= (g^b)^a \mod p \mod p$

> $= g^{ba} \mod p$

Similarly, Bob will compute the shared secret key $k$ as $A^b \mod p$ using his secret key and Alice's public key $A$.

$k = A^b \mod p$
> $= (g^a \mod p)^b \mod p$

> $= (g^a)^b \mod p \mod p$

> $= g^{ab} \mod p$

In [9]:
print("Example DH Key Generation")
print("-------------------------")
p = 23
g = 5
a = 6
b = 15
A = g**a % p
B = g**b % p
ka = B**a % p
kb = A**b % p
print("shared secret key computed by Alice is",ka)
print("shared secret key computed by Bob is",kb)

Example DH Key Generation
-------------------------
shared secret key computed by Alice is 2
shared secret key computed by Bob is 2
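
A hardened variant of the exchange above, added here as an example (not part of the original notebook): secret exponents come from a CSPRNG, exponentiation uses three-argument `pow`, and each side range-checks the received public key before using it. The function names and the SHA-256 derivation step are assumptions of this example; $p = 23$ and $g = 5$ are the notebook's toy values and offer no security.

```python
import hashlib
import secrets

# Toy parameters from the notebook's example; far too small for real use.
P, G = 23, 5

def validate_public_key(y, p=P):
    """Accept only 2 <= y <= p-2; 0, 1 and p-1 give a predictable secret."""
    return isinstance(y, int) and 1 < y < p - 1

def keygen(p=P, g=G):
    """Draw a secret exponent from a CSPRNG and derive the public key."""
    while True:
        a = 2 + secrets.randbelow(p - 3)      # uniform in [2, p-2]
        A = pow(g, a, p)                      # modular exponentiation
        if validate_public_key(A, p):         # retry if A itself is degenerate
            return a, A

def reachable_secrets(y, p=P):
    """Raw secrets a party could compute if it accepted y without checking."""
    return {pow(y, a, p) for a in range(2, p - 1)}

def shared_key(own_secret, peer_public, p=P):
    """Validate the peer's value, then hash the group element into a key."""
    if not validate_public_key(peer_public, p):
        raise ValueError("peer public key outside [2, p-2]")
    k = pow(peer_public, own_secret, p)
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(k.to_bytes(width, "big")).digest()

if __name__ == "__main__":
    a, A = keygen()
    b, B = keygen()
    print("keys match:", shared_key(a, B) == shared_key(b, A))
    for y in (0, 1, P - 1):
        print("unchecked y =", y, "->", sorted(reachable_secrets(y)))
```

The range check is independent of authenticity: it only rejects values for which the shared secret would fall in a set of at most two elements, whatever the receiver's secret exponent.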


### <font color=red>Quick Exercise 2</font>

Three parties, Alice, Bob and Charlie, share the public parameters prime modulus $p$ and generator $g$ for the multiplicative group of integers modulo $p$.

Also, they already share the public keys of each other, $A = g^a \mod p$, $B = g^b \mod p$ and $C = g^c \mod p$, where $a$, $b$ and $c$ are the secret keys of the three parties, respectively.

Using only a public communication channel, describe a protocol for the three parties to compute a _single_ shared secret.

_Make a note of your answers to these questions, as you will need to enter them as part of your CA quizzes._

Alice

private key = a

public key
