[Cryptography] Non-Authenticated Key Agreement

Kristian Gjøsteen kristian.gjosteen at math.ntnu.no
Wed Sep 23 14:56:54 EDT 2015

23. sep. 2015 kl. 20.04 skrev Philipp Gühring <pg at futureware.at>:
> Diffie-Hellman makes sure that both parties end up with a secure key d if
> at least any one of them has a secure random number generator and follows
> the protocol correctly.

That is false.

If Alice’ random number generator always outputs 3, Eve can easily deduce the shared secret, regardless of what Bob does.

The correct statement is that the parties end up with a randomly chosen key if Bob (the responder) follows the protocol (with some minor additions to the textbook version). They end up with a randomly chosen key if Alice (the initiator) follows the protocol and Bob’s value is independent of Alice’ value. Note that «randomly chosen» is not the same as «secure».

Kristian Gjøsteen

More information about the cryptography mailing list