Diffi-Hellman algorithm

Diffi and Hellman have offered for creation of cryptographic systems with an open key function of discrete exponentiation. Below is shown a description of this algorithm.

1. Both subscribers have same prime number P and common mantissa D<(P-1) before communication session start.

2. Every subscriber (1-st и 2-nd) chooses any natural number with conditions 1<X₁<(P-1) and 1<X₂<(P-1)

3. Every subscriber using own number X calculates and

4. Subscribers change with Y₁ и Y₂ values between themselves by open channel.

5. Every subscriber calculates session key for ciphering for symmetric algorithm by the next formulas:

Irreversibility of transformation in this case is ensured with next fact: it is enough easy to calculate an exponential function in a final field of Galois consisting of Р elements. (Р - either a prime number, or a prime number in any integer power). Calculation of logarithms in the such fields is much more labour-consuming operation.

If Y=D^x,, 1<x<p-1, where – fixed element of a field GF(p), then X=log_DY over GF(P). Having X easy to calculate Y. For this needed 2 ln(X+Y) multiplexing operations.

The inverse problem of an evaluation X of Y will be enough complex as it is fulfilled by reboric search. If P it is chosen enough correctly then extraction of the logarithm will demand the evaluations proportional follow:

L(p) = exp { (ln p ln ln p)^0.5 }

Without knowing X₁ and X₂, the violator can try to calculate K₁₂, knowing only intercepted Y₁ and Y₂. Equivalence of this problem to a problem of an calculation of the discrete logarithm is a principal and open problem in the systems with an open key. A simple solution it is not discovered till now. So, if for direct transformation of 1000-bit prime numbers 2000 operations are required, for inverse transformation (an evaluation of the logarithm in the field of Galois) - it is required about 10³⁰ operations.

At all simplicity of algorithm Diffi-Hellman, its second lake in comparison with system RSA is lack of the guaranteed lower estimation of labour input of disclosing of a key.

Besides, though the described algorithm allows bypassing a problem of the latent transmission of a key, necessity of authenticity remains. Without the additional means, one of users cannot be assured that it has exchanged keys with that user who is necessary to it. Danger of imitation in this case remains.

As generalisation of told about distribution of the keys< it is necessary to tell the following. The problem of control is reduced by keys to search of such report of distribution of the keys which would ensure:

• Possibility of refusal from the centre of the keys distribution;

• Mutual confirmation of the authenticity of a session participants;

• Confirmation of a session reliability by the inquiry-answer mechanism, use for this purpose program or hardware;

• Use the minimum numbers of messages at the interchanging of keys.

An one-wave function as a function of encryption is inapplicable, because, if F(x) is a crypted message of х, nobody, including legal recipient, not able to recover х. Going round this problem is possible by an one-way function with a secret (one-way trapdoor function). Sometimes a term is yet used function with trap.

For example, function E_k: X Y, has a reverse function D_k: Y X, however it is impossible to know a reverse function only on E_k without knowledge of secret k.

Function E_k: X Y, depending on a parameter k and possessing next three properties is named by an one-way function with a secret. There are following properties:

1) at any k there is a polinomical algorithm of calculation of values of Ek(x);

2) at unknown k there is not a polinomical algorithm of inverting of E_k;

3) at known k there is a polinomical algorithm of inverting of E_k;

The function of E_k can be utillized for encrypting of information, and reverse by it function of D_k - for decrypting, because at all х   Х justly D_k (E_k(x)) = x.

Implied thus, that, who knows, how information to encrypt, quite not necessarily must know how to decrypt it. Similarly as well as in case with an one-way function, a question about existence of one-way trapdoor function is opened. For practical cryptography a few functions - candidates on the rank of one-way trapdoor function are found. For them the second property is not well-proven, however known it is, that the task of inverting is equivalent the decision of difficult mathematical task.

Application of one-way trapdoor function in cryptography allows:

- to organize an exchange the encrypted messages with the use of the only opened channels of connection, i.e. to turn down the secret channels of connection for a preliminary exchange by the keys;

- to include at dissection of cipher an complicated mathematical problem and the same to increase cipher firmness;

- to decide new cryptographic tasks, different from an encipherement (electronic digital signature and other).

Firmness of most modern asymmetric algorithms is based on mathematical problems which on this stage are an infeasible task:

1) factorization of large numbers (decomposition of large numbers on simple multipliers);

2) the discrete taking the logarithm in the eventual fields (a search of logarithm in the eventual fields);

3) search of roots of algebraic equalizations.

As to date there are not effective algorithms of decision of these tasks or their

decision requires bringing in of large calculable resources or temporal expenses, these mathematical tasks found a wideuse in the construction of asymmetric algorithms.