Skip to content

Key Exchange

Problem with Symmetric Ciphers: Keeping the Keys secret.

Symmetric encryption relies that the Keys are kept secret. As the security of the message is only as secure as the key itself. So if an untrusted third party has the key, they can read all the messages.

This is still an issue regardless of the complexity of the cipher used. While it might be very difficult to break the key, if we can find out what it is somehow, the code can easily be broken.

Lets look at this in practice. AES[^AES] is a modern symmetric encryption standard, that is used by (amongst others) Government organisations. (with certain key lengths it is approved for TOP SECRET information in the US)

Study of AES has shown it to be secure (as long as the key is large) against modern methods of cryptanalysis. Therefore, as long as we keep the TheKeyToTheCodes secret our message is safe.

Task

Bruteforcing this message should take a few hunderd years.
However, if you can find the keys, you can decode it in seconds. Perhaps an NSA level hacking tool :p will help......

9ca77252649e115e7350c6d384258672dbb202906e90829f52d2577567f1d4af6a65a4ba594279e0f9ae3bf9c19e5f2cd72177023caf9f6ede14a79e1c6b89b8b152614246a6bbc1587bc3a88cb04ed34a0a943f021277c73fd40d6fe5c7d86fbc28b4922c46561105605e646d46ccea6874e731ad807931e053426ec35615afb7d8688fcd1bc68efdaaed1a228f88d8d071cf8c9666e8d6beb2892240efcf12483a132d821fe4e407c972778571ec090478858f1e379a88bd86d3f9daaa8d1fee7088420101a90b28966aa5872490a5f1d90bc0e5787a8ffe82af61395b7dc1215bbdbb2edcda25f00409ecbf289353cb08b14afa3bb7f52260249c1b69de169c80ea7598b534776acab287c7621fb139f253e4b8e0829c2744bb9f2862614ed05c50cdd1e8d712773734d7b49af9a993f6e0147456fb90628fa7802e3672bf32544c792592a36f14b2edd41755e69f414be754003b80db25f4e89a3253d37a43896afa73cc8f12205275f5cd0df18af837093f93a53d9332913b5611649500a37945ed63b02697453da77572b04dde

Key Exchange

So A major problem with symmetric key cryptography is that the secret key needs to be shared between the communicating parties without it being exposed to eavesdroppers.

Example

You may have come across this situation before.

Person A, needs to you send some confidentail infoamtion over e-mail. They suggest you stash the data in a password protected zip file, then email it to them. So far so good, if you chose a sensible password, the Zip should be fine...

However, the next issue is getting them the password you could

  • Email the password in a second email (but wasn't the insecurity of email why you used a password in the first place)
  • Text / WhatsApp the password. (Do you want them having your phone number)
  • Meet them in person, for the password

Clearly, a face to face meeting between the communicating parties (Alice and Bob) to exchange a secret key is often not practical and sending the key across an insecure communication channel eliminates the confidentiality gained by symmetric key encryption.

Example

Its a similar problem with HTTPs. We know that the TLS protocol makes use of symettric keys, and is therefore secure.
But these need to be exchanged over a (insecure) channel before communication can take place.

Diffie-Hellman

The principle of Diffie-Hellman key exchange is that a one-way or trapdoor mathematical function is used to provide public and private key generation components for Alice and Bob without prior knowledge such that information can be exchanged in public and both parties can devise a common secret key from their shared and secret components.

The concept has been about since the 70's and is still a fundamental part of modern cryptography.

The general idea is that rather than send keys over the internet, we exchange "chunks" of information that can be used to build a key. The Clever bit about this, is that we send the data in such a way that regardless of the fact that parts of it are in the public domain we can only know the full key with the information we have.

Note

There are some hardcore maths involved here, you don't need to know this for using the algorithm. If you really want to know, I can point you in the right direction.

Lacking a whiteboard, Lightboard or any paint at home, (and getting you all to the pub so I can explain it with cocktails isn't going to happen with the rule of 6) Here is someone else's great explanation of how Diffie-Hellman works.

Summary

symmetric encryption relies on shared keys to encrypt and decrypt messages.

However, one issue with using shared keys, is how to transfer the keys between parties. We either have to meet and agree on a key, or find some other way of sharing them across a (potentially insecure) network.

The Diffie Hellman key exchange process gives us a way of doing this.

Back to top