Authenticated DH KAP 1
Authenticated Diffie-Hellman (DH) Key Agreement Protocol (KAP) – A-DH-KAP
This protocol is executed between Student Alice (You) and Mentor Bob. It is a combination of DH KAP with the Schnorr Identification protocol. During this KAP protocol both parties proves to each other their identity, which means that their Public Keys corresponds to their Private Keys. In the case if Public Keys are certified by authorized Certification Authority (CA) this means that parties prove their identities to each other. Authenticated DH KAP prevents Man-in-the Middle attack.
System parameters for this protocol are the same as in Schnorr identification protocol and are the same for all students. They have the following values:
p=157718819 and g=8, where p is a strong prime. Please check it for awareness.
Mentor Bob Public Key is B=80094402 generated using these system parameters.
Parameter values sent by Alice are included in brackets [ ] and must be entered in the corresponding input fields.
The following functions are used in the protocol:
- Find your previously saved Private and Public Keys and send [A] to the Mentor. If you have lost it, generate your Public Key once again in the same way as in Schnorr Identification protocol.
- If Mentor received your PuK, he asks you to begin Authenticated DH KAP. Compute random number a<228 using function randi(z). Using system parameters generate your whitness WA=ga mod p and send [WA] to the Mentor.
- If it is OK, Mentor Bob sends You his Public Key B=80094402 generated using same system parameters, his whitness WB=gb mod p=….. , where b is generated random number, and random challenge e=….. . Compute your random challenge c<228. Find your Private Key x generated previously and keeping secretly. Do not show it to anybody. Compute you response R=a-x∙e mod (p-1) to the Mentor’s random challenge e. Send [c, R] to the Mentor.
- Mentor verifies if you actually know your PrK=x corresponding to your PuK=A. If it is OK, then he sends his response T=….. to your challenge c. Verify if Mentor actually know his PrK=y corresponding to his PuK=B. Send your answer Yes/No and computed verification result V to the Mentor [Y/N, V].
- If both parties proves to each other their identities successfully Mentor computed common secret key KBA using your whitness WA. Compute the common secret key KAB using Mentor’s whitness WB. Recall that if key agreement is correct then KAB= KBA. Encrypt current date and time in the format DT=MMDDhhmm using Vernam cipher with agreed secret key KAB obtaining ciphertext CD. Send encrypted message [CD] to the Mentor for verification.
- Remark. In this protocol agreed secret key was computed using whitneses from both parties. It is not very good practice, since adversary have an additional response equation R=a-x∙e mod (p-1) relating secret data a and especially Private Key x. It would be better if in the 2-nd and 3-rd steps of the protocol parties sent to each other different numbers A1 and B1 respectively to compute agreed secret key together with WA and WB.
Notice that protocol is executed using four data transfers. The data transfers can be reduced to two if instead the Schnorr identification parties will use e-signature.