Diffie–Hellman with Public Key Infrastructure
It is also possible to use Diffie–Hellman as part of a public key infrastructure. Alice's public key is simply (g^a mod p, g, p). To send her a message, Bob chooses a random b and then sends Alice g^b mod p (unencrypted) together with the message encrypted with the symmetric key (g^a)^b mod p. Only Alice can decrypt the message because only she has a (the private key). A pre-shared public key also prevents man-in-the-middle attacks.
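The exchange described above, as an added Python sketch that is not part of the original page. The names `keygen`, `encrypt` and `decrypt`, the demonstration-sized prime `P`, and the SHA-256 keystream with HMAC (a standard-library stand-in for a real authenticated cipher) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed demo parameters: P = 2**255 - 19 is prime and easy to write exactly,
# but it is NOT a vetted DH group. Real use needs a standardized 2048-bit+ group.
P = 2**255 - 19
G = 2

def keygen():
    """Alice's long-term key pair: private a, public g^a mod p."""
    a = secrets.randbelow(P - 3) + 2          # a in [2, P-2]
    return a, pow(G, a, P)

def _kdf(shared, label):
    # Hash the shared secret; never use g^(ab) mod p directly as a key.
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def _stream(key, n):
    # Stdlib stand-in for a real cipher: SHA-256 in counter mode.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(shared, eph, ct):
    # Encrypt-then-MAC over Bob's public value and the ciphertext.
    return hmac.new(_kdf(shared, b"mac"), eph.to_bytes(32, "big") + ct,
                    hashlib.sha256).digest()

def encrypt(alice_pub, msg):
    """Bob: fresh random b per message; sends (g^b mod p, ciphertext, tag)."""
    b = secrets.randbelow(P - 3) + 2
    eph = pow(G, b, P)
    shared = pow(alice_pub, b, P)             # (g^a)^b mod p
    ks = _stream(_kdf(shared, b"enc"), len(msg))
    ct = bytes(x ^ y for x, y in zip(msg, ks))
    return eph, ct, _tag(shared, eph, ct)

def decrypt(a, eph, ct, tag):
    """Alice: recompute (g^b)^a mod p, verify the tag, then decrypt."""
    if not 1 < eph < P - 1:                   # reject 0, 1, p-1 and out-of-range values
        raise ValueError("invalid ephemeral public value")
    shared = pow(eph, a, P)
    if not hmac.compare_digest(_tag(shared, eph, ct), tag):
        raise ValueError("authentication failed")
    ks = _stream(_kdf(shared, b"enc"), len(ct))
    return bytes(x ^ y for x, y in zip(ct, ks))
```

Because Bob draws a new b for every message, each message gets its own symmetric key even though Alice's public key never changes.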
In practice, Diffie–Hellman is not used in this way, with RSA being the dominant public key algorithm. This is largely for historical and commercial reasons, namely that RSA created a Certificate Authority for key signing that became Verisign. Diffie–Hellman cannot be used to sign certificates. However, the ElGamal and DSA signature algorithms are mathematically related to it, as well as MQV, STS and the IKE component of the IPsec protocol suite for securing Internet Protocol communications.