[Cryptography] Silly Diffie-Hellman question using XOR
Craig B Agricola
craig at theagricolas.org
Wed Mar 5 12:56:37 EST 2014
On Thu, Mar 06, 2014 at 12:26:28AM +1000, Stuart Longland wrote:
> i.e. two parties, Alice and Bob wish to establish a shared key.
> 1. Alice generates two keys: A1 and A2.
> Bob generates two keys: B1 and B2.
> 2. Alice signs A2 and sends A2 + signature to Bob.
> Bob signs B2 and sends B2 + signature to Alice.
> 3. Alice verifies B2+signature, then generates
> A3 = A1 ^ A2 ^ B2. Alice signs A3 and sends to Bob.
> Bob verifies A2+signature, then generates
> B3 = B1 ^ B2 ^ A2. Bob signs B3 and sends to Alice.
> 4. Alice verifies B3+signature, then generates
> A4 = B3 ^ A1 = B1 ^ B2 ^ A2 ^ A1
> Bob verifies A3+signature, then generates
> B4 = A3 ^ B1 = A1 ^ A2 ^ B2 ^ B1
> Since XOR is commutative; A4 and B4 should be identical. A1 and B1 are
> never revealed in public. XOR is computationally inexpensive, not the
> strongest, and probably wouldn't stop a determined (i.e. state-backed)
> cracker. Information theory would be useless as the keys would be random.
In step 2, Eve gets A2 and B2.
In step 3, Eve gets A3 and B3.
A3^A2^B2=(A1^A2^B2)^A2^B2=A1 (because, as you say, XOR is commutative.
B1 is obviously similarly compromized by step 3, and so Eve can easily
calculate A4/B4 as in step 4.
More information about the cryptography