Question 132 : What’s the difference between Diffie-Hellman and RSA

RSA encryption is an asymmetric cryptography algorithm, widely used in electronic commerce and more generally to exchange confidential data on the Internet. Ron Rivest, Adi Shamir, and Leonard Adleman developed RSA, and it is named from the first letters of their last names (RSA). The algorithm was described in 1977 and was patented by the Massachusetts Institute of Technology (MIT) in 1983 in the United States. The patent expired on 21 September 2000. This description also answers the fifth question in our list of "300 infoSec Questions": Question 5, What does RSA stand for?

I do not know about you, but when I saw Adi Shamir, Ronald Rivest and Whitfield Diffie in the Cryptographers' Panel at the RSA Conference 2015, I thought to myself: are they still alive? Not that I wish they were no longer of this world; it's just that when you have learned about inventions and their scope from books, you subconsciously assume the inventors are certainly no longer alive. I do not know why, but that is the impression we have. So I wish long life to these gents!

Going back to our definition: RSA is a cryptosystem for public-key encryption, and it is widely used on the Internet and elsewhere due to its strong security. Asymmetric encryption methods use RSA: for example, e-mail applications often use RSA to privately share a symmetric key between two systems. The application uses the recipient's public key to encrypt a symmetric key, and the recipient's private key decrypts it.

Diffie–Hellman (Whitfield Diffie and Martin Hellman) key exchange is based on the premise that two correspondents, Alice and Bob, wish to communicate a secret number, but must do so over an insecure channel. An unauthorized user, Eve, is trying to intercept the message on that channel. If Eve obtains the message containing the key, all integrity and confidentiality are lost. This issue is resolved by masking the key using modular arithmetic. Diffie–Hellman is used to generate a shared secret in public for later symmetric ("private-key") encryption.

Remember this

RSA is an asymmetric algorithm used to encrypt data and digitally sign transmissions. RSA is widely used to protect Internet traffic, including e-mail. RSA relies on the mathematical properties of prime numbers when creating public and private keys. These keys are commonly used with asymmetric encryption to privately share a symmetric key. Diffie-Hellman addresses key management and provides another method to privately share a symmetric key between two parties.

Dig Deeper

(Those who know the Insanity Workout with Shaun T. know what "Dig deeper" means... so instead of digging deep into our body's resources, we have to dig deep into our brain!!! 😉 )

RSA uses the mathematical properties of prime numbers to generate secure public and private keys. Specifically, RSA relies on the fact that the product of two large prime numbers can't be easily factored. The strength of RSA depends on the difficulty of prime factorization. For applications with high-level security, the number of bits in the decryption key should be greater than 512. The math is complex and intriguing to mathematicians, but you don't have to understand the math to understand that RSA is secure.

For example, researchers published a paper in 2010 describing how long it took to factor a 232-digit number (768 bits). They wrote that it took them about two and a half years using hundreds of systems. They estimated that if a single 2.2 GHz computer were used, it would take fifteen hundred years to complete. RSA is used on the Internet as one of the protections for credit card transactions. It's safe to say that today's credit card information won't be of much value in fifteen hundred years.

RSA uses at least 1024-bit keys today. RSA Security (a company that frequently tests the security of RSA) recommends using key sizes of at least 2048 bits, and 3072-bit keys are on the horizon.

RSA is used to come up with a public/private key pair for asymmetric (“public-key”) encryption:

RSA:

  • Used to perform “true” public-key cryptography
  • Key identity: (m^e)^d ≡ m   (mod n)   (lets you recover the encrypted message)
  • Where:
    • n = prime1 × prime2    (n is publicly used for encryption)
    • φ = (prime1 − 1) × (prime2 − 1)   (Euler's totient function)
    • e is such that 1 < e < φ, and (e, φ) are coprime    (e is publicly used for encryption)
    • d × e ≡ 1   (mod φ)    (the modular inverse d is privately used for decryption)
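As an added example (not code from the original post), here is the key identity above worked through in Python with the constructed toy primes p = 61 and q = 53: key generation with the modular inverse d, then encryption, decryption and a sign/verify round trip. The function names are my own; this is textbook RSA without padding, shown only to make the arithmetic concrete.

```python
# Added example, not from the original post. Toy primes (constructed values);
# real keys use 2048-bit or larger moduli and padding (OAEP for encryption,
# PSS for signatures), which this textbook version deliberately omits.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(e, phi):
    """The private exponent d with d*e == 1 (mod phi); fails unless gcd == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi must be coprime")
    return x % phi

def rsa_keygen(p, q, e=17):
    """Build the (n, e) public key and (n, d) private key from two primes."""
    n = p * q                         # public modulus
    phi = (p - 1) * (q - 1)           # Euler's totient of n
    if not 1 < e < phi or egcd(e, phi)[0] != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) == 1")
    d = modinv(e, phi)
    return (n, e), (n, d)

def rsa_encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)               # c = m^e mod n

def rsa_decrypt(c, private):
    n, d = private
    return pow(c, d, n)               # (m^e)^d = m mod n, the key identity

def rsa_sign(m, private):
    """Signing applies the private exponent; anyone with (n, e) can verify."""
    n, d = private
    return pow(m, d, n)

def rsa_verify(m, sig, public):
    n, e = public
    return pow(sig, e, n) == m

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)    # n = 3233, phi = 3120, d = 2753
    c = rsa_encrypt(65, pub)
    print(pub, priv, c, rsa_decrypt(c, priv), rsa_verify(65, rsa_sign(65, priv), pub))
```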

Diffie-Hellman is a key exchange algorithm used to privately share a symmetric key between two parties. Once the two parties know the symmetric key, they use symmetric encryption to encrypt the data.

The Diffie–Hellman key exchange is based on the premise that two correspondents, Alice and Bob, wish to communicate a secret number, but must do so over an insecure channel. An unauthorized user, Eve, is trying to intercept the message on that channel. If Eve obtains the message containing the key, all integrity and confidentiality are lost. This issue is resolved by masking the key using modular arithmetic. Alice and Bob achieve secrecy by agreeing on a large prime number, p, and a base number, n. Alice will choose a personal, private value, a, which remains unknown to Bob. Bob will generate a secret value only known to himself, b. It is important that a and b are less than p. Alice and Bob's respective secret keys should be relatively prime to n, meaning that neither shares common factors with n. Alice's public value is n^a mod p and Bob's is n^b mod p. The two correspondents exchange their public values, so that both parties now know both. Alice will compute n^(ab) = (n^b)^a mod p. Bob will compute n^(ba) = (n^a)^b mod p. Once both computations are done, each party will have the same number. Alice and Bob are now able to privately communicate on the insecure network.

Diffie-Hellman is used to generate a shared secret in public for later symmetric (“private-key”) encryption:

Diffie-Hellman:

  • Creates a shared secret between two (or more) parties, for subsequent symmetric encryption
  • Key identity: (gen^s1)^s2 = (gen^s2)^s1 = shared secret   (mod prime)
  • Where:
    • gen is an integer whose powers generate all integers in [1, prime)   (mod prime)
    • s1 and s2 are the individuals’ “secrets”, only used to generate the symmetric key
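The Alice/Bob exchange described above and the key identity in this list, as an added Python example that is not part of the original post: it uses the constructed toy parameters p = 23 and gen = 5 (a = 6, b = 15), checks that gen really is a generator as the list requires, and derives a symmetric key from the shared secret with SHA-256. The hashing step and the function names are my assumptions; the post only says the secret is used for later symmetric encryption.

```python
# Added example, not from the original post. Toy parameters (constructed);
# real deployments use 2048-bit or larger groups, typically standardised ones.
import hashlib

P, GEN = 23, 5

def is_generator(g, p):
    """True if the powers of g cover every integer in [1, p), i.e. g is a
    primitive root mod p; a non-generator shrinks the space of shared secrets."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1

def dh_public(secret, p=P, g=GEN):
    """Public value g^secret mod p, the only thing sent over the channel."""
    if not 1 < secret < p - 1:
        raise ValueError("secret must lie strictly between 1 and p-1")
    return pow(g, secret, p)

def dh_shared(their_public, my_secret, p=P):
    """(g^theirs)^mine mod p; identical on both sides by the key identity."""
    if not 1 < their_public < p - 1:
        # 0, 1 and p-1 generate at most two possible secrets; reject them.
        raise ValueError("degenerate public value")
    return pow(their_public, my_secret, p)

def derive_key(shared, p=P):
    """Turn the shared number into a fixed-length symmetric key (hex)."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).hexdigest()

def run_exchange(a=6, b=15, p=P, g=GEN):
    """Full exchange: returns Alice's public value, Bob's, and the shared
    secret both of them compute. Eve sees only p, g and the two public values."""
    if not is_generator(g, p):
        raise ValueError("g is not a generator mod p")
    alice_pub = dh_public(a, p, g)               # Alice -> Bob
    bob_pub = dh_public(b, p, g)                 # Bob -> Alice
    alice_secret = dh_shared(bob_pub, a, p)      # (g^b)^a
    bob_secret = dh_shared(alice_pub, b, p)      # (g^a)^b
    assert alice_secret == bob_secret
    assert derive_key(alice_secret, p) == derive_key(bob_secret, p)
    return alice_pub, bob_pub, alice_secret

if __name__ == "__main__":
    print(run_exchange())                         # (8, 19, 2)
    print(is_generator(5, 23), is_generator(2, 23))  # True False
```

The second print shows why the generator check matters: 2 mod 23 has order 11, so only half the group could ever appear as a shared secret.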

Remember this:

RSA is used to come up with a public/private key pair for asymmetric ("public-key") encryption. Diffie-Hellman is used to generate a shared secret in public for later symmetric ("private-key") encryption.

Sources: Security+ Study Guide, Darril Gibson; Information Security Fundamentals, Thomas R. Peltier.
