Previous  Index  Next
Send a comment
Security Protocols Open Repository
download: protocol specification in plain text
page in compressed postscript
page in pdf
page source in latex
bibTeX references

Diffie Helman

Author(s): W. Diffie and M. Helman  (1978)

Summary: The Diffie Helman key exchange algorithm.

Protocol specification (in common syntax)

A, B :   principal
P, G, Xa, Xb :   number
one :   -> number
kap :   number, number, number -> number

1.   A -> B :   P, G
2.   A -> B :   kap(P, G, Xa)
3.   B -> A :   kap(P, G, Xb)
4.   A -> B :   {one()}kap(P, kap(P, G, Xb), Xa)

Description of the protocol rules

The function kap must satisfy:
kap(P, kap(P, G, Y), X) = kap(P, kap(P, G, X), Y)
It is implemented by: kap(P, X, Y) = exp(X, Y) mod P.

It the protocol, P is choosen to be a prime number P and G < P.

The fresh symmetric key exchanged is kap(P,kap(P,G,Xb),Xa) = kap(P,kap(P,G,Xa),Xb).


The protocol must guaranty the secrecy of the fresh key.

The protocol must guaranty the authenticity of the participants.



Claimed proofs


Claimed attacks

The authenticity is not guaranteed by the protocol.
1.   I(A) -> B :   P, G
2.   I(A) -> B :   kap(P, G, Xi)
3.   B -> I(A) :   kap(P, G, Xb)
4.   I(A) -> B :   {one()}kap(P, kap(P, G, Xb), Xi)
1.   A -> I(B) :   P, G
2.   A -> I(B) :   kap(P, G, Xa)
3.   I(B) -> A :   kap(P, G, Xi)
4.   A -> I(B) :   {one()}kap(P, kap(P, G, Xi), Xa)


Bruno Blanchet. An efficient cryptographic protocol verifier based on prolog rules. In IEEE, editor, 14th IEEE Computer Security Foundations Workshop (CSFW-14), june 2001.

W. Diffie and M. Helman. New directions in cryptography. IEEE Transactions on Information Society, 22(6):644--654, november 1976.
last modified 11/11/2002.
Previous  Index  Next
Send a comment