Prime Numbers

388 Chapter 8 THE UBIQUITY OF PRIME NUMBERS
An immediate application of this “one-way” feature of exponentiation is a
cryptographic algorithm so simple that we simply state it in English without
formal exhibition. Say you want individuals to have their own passwords to
allow entry onto a computer system or information channel. A universal prime
p and primitive root g are chosen for the whole system of users. Now each
individual user “thinks up” his or her secret password x, an integer, and
computes h = g x mod p, finally storing his or her h value on the system itself.
Thus for the array of users, there is a stored array of h values on the system.
Now when it is time to gain entry to the system, a user need only type the
“password” x, and the system exponentiates this, comparing the result to that
user’s h. The scheme is all very simple, depending on the difficulty of looking
at an h and inferring what was the password x for that h.
Not quite so obvious, but equally elegant, is the Diffie–Hellman key
exchange scheme, which allows two individuals to create a common encryption
key:
Algorithm 8.1.1 (Diffie–Hellman key exchange). Two individuals, Alice
and Bob, agree on a prime p and a generator g ∈ F ∗ p. This algorithm allows
Alice and Bob to establish a mutual key (mod p), with neither individual being
able (under DL difficulty) to infer each other’s secret key.
1. [Alice generates public key]
Alice chooses random a ∈ [2,p− 2]; // Alice’s secret key.
x = g a mod p; // x is Alice’s public key.
2. [Bob generates public key]
Bob chooses random b ∈ [2,p− 2]; // Bob’s secret key.
y = g b mod p; // y is Bob’s public key.
3. [Each individual creates the same mutual key]
Bob computes k = x b mod p;
Alice computes k = y a mod p; // The two k-values are identical.
This mutual key creation works, of course, because
(g a ) b =(g b ) a = g ab ,
and all of this goes through with the usual reductions (mod p). There are
several important features of this basic Diffie–Hellman key exchange notion.
First, note that in principle Alice and Bob could have avoided random
numbers; choosing instead a memorable phrase, slogan, whatever, and made
those into respective secret values a, b. Second, note that the public keys
g a ,g b mod p can be made public in the sense that—under DL difficulty—it
is safe literally to publish such values to the world. Third, on the issue of
what to do with the mutual key created in the algorithm, actual practical
applications often involve the use of the mutual key to encrypt/decrypt long
messages, say through the expedient of a standard block cipher such as DES
[Schneier 1996]. Though it is easy to break the Diffie–Hellman scheme given a
fast DL method, it is unclear whether the two problems are equivalent. That