The Diffie-Hellman Algorithm in Cryptography

Introduction:

The Diffie-Hellman key exchange algorithm is a method for securely establishing a cryptographic key, for use in encryption or decryption, over a public communications channel. The keys are not actually exchanged; they are jointly derived. The algorithm is named after its inventors, Whitfield Diffie and Martin Hellman.

If Alice and Bob want to communicate with each other, they first agree on two values: a large prime number "p" and a generator or base "g" (where 0 < g < p).

Alice chooses a secret integer "a" as her private key and then calculates g^a mod p, which is her public key. Bob chooses his private key "b" and calculates his public key the same way Alice calculated hers.

Alice and Bob then exchange each other's public keys. Alice now knows "a" and Bob's public key g^b mod p, which she needs in order to encrypt the message. She cannot find the value of b from Bob's public key, because doing so is a hard mathematical problem known as the discrete logarithm problem. She can, however, compute (g^b)^a mod p = g^ab mod p.

Bob knows "b" and "g^a", so he can find (g^a)^b mod p = g^ab mod p. Therefore both Alice and Bob know the shared secret key g^ab mod p. An eavesdropper, Eve, who was listening in on the communication knows p, g, Alice's public key (g^a mod p) and Bob's public key (g^b mod p). She is unable to calculate the shared secret key from these values.

In static-static mode, both Alice and Bob keep the same private/public key pairs across multiple communications. Therefore the resulting shared secret key will be the same every time. In ephemeral-static mode, only one party generates a new private/public key pair every time, so a new shared secret is generated each time.

History of the Diffie-Hellman key exchange

The Diffie-Hellman key exchange traces its origins back to the 1970s. While the field of cryptography had developed significantly throughout the earlier twentieth century, these advancements were mainly focused on symmetric-key cryptography.

It wasn't until 1976 that public-key algorithms emerged in the public sphere, when Whitfield Diffie and Martin Hellman published their paper, "New Directions in Cryptography". The collaboration outlined the mechanisms behind a new system, which would come to be known as the Diffie-Hellman key exchange.

The work was partly motivated by earlier developments made by Ralph Merkle. The so-called "Merkle's Puzzles" involve one party creating and sending several cryptographic puzzles to the other. These puzzles would take a moderate amount of computational resources to solve.

Limitation:

The most serious limitation of Diffie-Hellman in its basic or "pure" form is the absence of authentication. Communications using Diffie-Hellman by itself are vulnerable to man-in-the-middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method, such as digital signatures, to verify the identities of the parties communicating over the public communications medium. Diffie-Hellman is well suited for use in data communication but is less often used for data stored or archived over long periods.
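The exchange steps from the Introduction and the authentication gap described under Limitation, as one added Python example (not code from the original article). Assumed here, not taken from the page: the 2048-bit MODP group of RFC 3526 (group 14) with g = 2, all function names, and an HMAC under a pre-shared key standing in for the digital signatures the text mentions, since Python's standard library has no signature scheme.

```python
import hashlib
import hmac
import secrets

# Public parameters (assumption: the page names no group). This is the
# 2048-bit MODP prime of RFC 3526 group 14, used with generator g = 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def keypair():
    """Pick a private key x and return (x, g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= p - 2
    return x, pow(G, x, P)

def shared_secret(own_private, peer_public):
    """Return (peer_public)^own_private mod p, i.e. g^ab mod p."""
    # 0, 1 and p-1 would force a predictable secret, so reject them.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public key out of range")
    return pow(peer_public, own_private, P)

def tag_public_key(auth_key, sender, public):
    """MAC binding a public key to its sender (stand-in for a signature)."""
    msg = sender.encode() + b"|" + public.to_bytes(256, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def accept_public_key(auth_key, sender, public, tag):
    """True only if the received public key carries a valid tag for sender."""
    return hmac.compare_digest(tag_public_key(auth_key, sender, public), tag)

if __name__ == "__main__":
    a, A = keypair()                          # Alice's static pair
    b, B = keypair()                          # Bob's static pair
    print("secrets match:", shared_secret(a, B) == shared_secret(b, A))
    a2, A2 = keypair()                        # Alice goes ephemeral, Bob static
    print("new secret:", shared_secret(a2, B) != shared_secret(a, B))
    psk = secrets.token_bytes(32)             # assumed pre-shared auth key
    m, M = keypair()                          # a key that is not Alice's
    print("genuine key:", accept_public_key(psk, "alice", A, tag_public_key(psk, "alice", A)))
    print("replaced key:", accept_public_key(psk, "alice", M, tag_public_key(psk, "alice", A)))
```

Real protocols authenticate the whole handshake transcript rather than a single public key; the tag here only shows where the unauthenticated exchange needs a check.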

Translated from: https://www.includehelp.com/cryptography/diffie-hellman-algorithm.aspx
