**

**

€4.00

Tax included

**Authenticated Diffie-Hellman (DH) Key Agreement Protocol (KAP) – A-DH-KAP**

COMPLETED.

This protocol is executed between Student Alice (You) and Mentor Bob. It is a combination of DH KAP with the Schnorr Identification protocol. During this KAP protocol both parties proves to each other their identity, which means that their Public Keys corresponds to their Private Keys. In the case if Public Keys are certified by authorized Certification Authority (CA) this means that parties prove their identities to each other. Authenticated DH KAP prevents Man-in-the Middle attack.

System parameters for this protocol are the same as in Schnorr identification protocol and are the same for all students. They have the following values:

** p**=157718819 and

Mentor Bob Public Key is ** B**=80094402 generated using these system parameters.

Parameter values sent by Alice are included in brackets [ ] and must be entered in the corresponding input fields.

The following functions are used in the protocol:

**>> genstrongprime(bl)**

**>> mod_exp(g,x,p)**

**>> randi(z)**

- Find your previously saved Private and Public Keys and send [
] to the Mentor. If you have lost it, generate your Public Key once again in the same way as in Schnorr Identification protocol.*A*

- If Mentor received your PuK, he asks you to begin Authenticated DH KAP. Compute random number
<2*a*^{28}using function randi(z). Using system parameters generate your whitnessand send [*W*_{A}=g^{a}mod p] to the Mentor.*W*_{A}

- If it is OK, Mentor Bob sends You his Public Key
=80094402 generated using same system parameters, his whitness*B*=….. , where*W*_{B}=g^{b}mod pis generated random number, and random challenge*b*=….. . Compute your random challenge*e*<2*c*^{28}. Find your Private Keygenerated previously and keeping secretly. Do not show it to anybody. Compute you response*x*=*R*to the Mentor’s random challenge*a-x∙e mod*(*p-*1). Send [*e*,*c*] to the Mentor.*R*

- Mentor verifies if you actually know your PrK=
corresponding to your PuK=*x*. If it is OK, then he sends his response*A*=….. to your challenge*T*. Verify if Mentor actually know his PrK=*c*corresponding to his PuK=*y*. Send your answer Yes/No and computed verification result*B*to the Mentor [Y/N,*V*].*V*

- If both parties proves to each other their identities successfully Mentor computed common secret key
using your whitness*K*_{BA}. Compute the common secret key*W*_{A}using Mentor’s whitness*K*_{AB}. Recall that if key agreement is correct then*W*_{B}=*K*_{AB}. Encrypt current date and time in the format*K*_{BA}=MMDDhhmm using Vernam cipher with agreed secret key*DT*obtaining ciphertext*K*_{AB}. Send encrypted message [*C*_{D}] to the Mentor for verification.*C*_{D}

- Remark. In this protocol agreed secret key was computed using whitneses from both parties. It is not very good practice, since adversary have an additional response equation
=*R*relating secret data*a-x∙e mod*(*p-*1)and especially Private Key*a*. It would be better if in the 2-nd and 3-rd steps of the protocol parties sent to each other different numbers*x*and*A*_{1}respectively to compute agreed secret key together with*B*_{1}and*W*_{A}.*W*_{B}

Notice that protocol is executed using four data transfers. The data transfers can be reduced to two if instead the Schnorr identification parties will use e-signature.

3448 Items