Previous Tip  |  Next Tip  |  Index (recent)   |  Design Tips   | [Bill's Home]

240. Key Exchange in .NET ... Diffie-Hellman

The major problem of private-key encryption is how to pass the key between Bob and Alice, without Eve listening (Figure 1). This problem was solved by Whitfield Diffie in 1975, who created the Diffie-Hellman method. With this method, Bob and Eve generate two random values, and perform some calculations (Figure 2 and Figure 3), and pass the result of the calculations to each other (Figure 4). Once these values have been received at either end, Bob and Alice will have the same secret key, which Eve cannot compute (without extensive computation).

Figure 1 How to pass the private key?

Figure 2 Diffie-Helman method

 

Figure 3 Diffie-Hellman process

 

Figure 4 Example Diffie-Hellman process

For example, please try your own values:

A simple .NET program to calculate small values of G and n is [Click here to download of the solution]:

using System;
namespace diffie
{
 class Class1
 {
  public static Random r= new Random();
  static void Main (string[] args)
  {
   long x,y,A,B,n,G,K1, K2 ;
   G= 20;
   n= 99;
   x = random(10)+1;
   y = random((int)x);
   double val1= Math.Pow((double)G,(double)x);
   double val2= Math.Pow((double)G,(double)y);
   Math.DivRem((long)val1,n,out A);
   Math.DivRem((long)val2,n,out B);
   Math.DivRem((long)Math.Pow((double)B,(double)x),n,out K1);
   Math.DivRem((long)Math.Pow((double)A,(double)y),n,out K2 );
   Console.WriteLine("x is {0} and A is {1}",x,A);
   Console.WriteLine("y is {0} and B is {1}",y,B);
   Console.WriteLine("K1 is: " + K1);
   Console.WriteLine("K2 is: " + K2 );
   Console.ReadLine();
  } 
  public static int random(int max)
  {
   try
   {
   return(r.Next(max));
   }
   catch {};
   return(0);
  }
 }
} 

which gives a sample run of:

x is 6 and A is 64
y is 3 and B is 80
K1 is: 91
K2 is: 91

It can be seen that the values of G and n (20 and 99, respectively) are relevantly small as larger values will typically overflow the calculations, as the Math.DivRem() method can only support long integers, whereas many more bits are required to support the large values involved, especially with the A and B to the power of x and y, respectively. A run of values of x and y between 1 and 3 shows that the values of K1 and K2 are the same for these values of G and n (the code for this is in Tutorial 4.10.4):

x y A  B  K1 K2 
1 1 20 20 20 20
1 2 20 4  4 4
1 3 20 80 80 80
2 1 4  20 4 4
2 2 4  4  16 16
2 3 4  80 64 64
3 1 80 20 80 80
3 2 80 4  64 64
3 3 80 80 71 71 

The code is:

using System; 
namespace diffie
{
class Diffie
{
 static void Main (string[] args)
 {
  long x,y,A,B,n,G,K1, K2 ;
  G= 20;
  n= 99;
  Console.WriteLine("x\ty\tA\tB\tK1\tK2");
  for (x=1;x<4;x++)
   for (y=1;y<4;y++)
   {
    double val1= Math.Pow((double)G,(double)x);
    double val2= Math.Pow((double)G,(double)y);
    Math.DivRem((long)val1,n,out A);
    Math.DivRem((long)val2,n,out B);
    Math.DivRem((long)Math.Pow((double)B,(double)x),n,out K1);
    Math.DivRem((long)Math.Pow((double)A,(double)y),n,out K2 );
    Console.WriteLine("{0}\t{1}\t{2}\t{3}\t{4}\t{5}",x,y,A, B, K1, K2 );
   }
   Console.ReadLine();
  }
 }
}

Diffie-Hellman is used in many applications, such as in VPN (Virtual Private Networks), SSH, and secure FTP. The following shows a trace of a connection to a secure FTP site:

STATUS:> Getting listing ""...
STATUS:> Initializing SFTP21 module...
STATUS:> Resolving host name mysite.com ...
STATUS:> Host name mysite.com resolved: ip = 1.2.3.4.
STATUS:> Connecting to SFTP server ftp1.napier.ac.uk:22 (ip = 1.2.3.4 )
Key Method: Diffie-Hellman-group1-SHA1
Host Key Algorithm: SSH-RSA
Session Cipher: 192 bit TripleDES-cbc
Session MAC: HMAC-MD5
Session Compressor/Decompressor: ZLIB
STATUS:> Getting working directory...
STATUS:> Home directory: /home/test

Magic!!!! Hail to the Whitfield Diffie ... a true genius!

Other related .NET articles I've written include:

- Design Tip 298. [.NET] HMAC-SHA1.
- Design Tip 243. [.NET] Base-64 or Hex hash values.
- Design Tip 242. [.NET] Digital Certificates.
- Design Tip 241. [.NET] Public-key Encryption.
- Design Tip 240. [.NET] Diffie-Hellman Method.
- Design Tip 239. [.NET] Symmetric Encryption (Private-key).
- Design Tip 238. [.NET] Obfuscation Part II.
- Design Tip 237. [.NET] Obfuscation Part I
- Design Tip 236. [.NET] Data packet capture (filters: IP, TCP, and so on).
- Design Tip 235. [.NET] Data packet capture.
- Design Tip 234. [.NET] Interface to network adapter.
- Design Tip 232. [.NET] Creating an SSH client.
- Design Tip 231. [.NET] Creating an SNMP client.
- Design Tip 216. [.NET] Client/server communications.
- Design Tip 210. [XML/.NET] XML and .NET.
- Design Tip 207. [.NET] Treeviews for interest.
- Design Tip 206. [.NET/Design] Design, evaluate, design, .....
- Design Tip 205. [.NET] Treeviews.
- Design Tip 203. [.NET] Replacing menus with Treeviews.
- Design Tip 202. [.NET/Flash] .NET and Flash - the perfect pair.