# Pioneering Public Key: Public Exchange of Secret Keys

• Print
From the author of

## A New Solution: Diffie-Hellman-Merkle Key Agreement

Unlike Merkle's initial idea to solve the problem of key delivery, the first patented public key cryptographic system used math to achieve the overwhelming ratio needed to ensure that BlackHat would stay busy for a long time. During the 1970s, Merkle took his ideas to Martin Hellman of Stanford, where Merkle found a more sympathetic training ground for public key cryptography.2 Hellman was joined by another cryptographic kindred spirit, Whitfield Diffie, who drove across the United States to meet him.

Like Thomas Edison, who tried thousands of materials before arriving at the combinations that made the light bulb possible, the Diffie-Hellman-Merkle trio tried all sorts of ways to solve the problem. Their persistence paid off. After two years of focusing on modular arithmetic and one-way functions3-problems that were harder to work one way than the other way-the men developed an open (that is, public) secret key agreement solution.

The first workable public key cryptographic system, the patented Diffie-Hellman-Merkle key agreement scheme (more commonly known as Diffie-Hellman, or DH), is still widely used in Internet browsers such as Secure Socket Layer (see Chapter 20) and Internet Protocol Security (see Chapter 21). Like Merkle's original approach, Diffie-Hellman confidants use insecure public communication lines to agree on a shared secret key.

### Alice and Bob Openly Agree on a Secret Key

In Merkle's original approach, Alice sent Bob 1,000,000 potential secret keys and Bob randomly selected one. In Diffie-Hellman, as incredible as it sounds, Alice and Bob make the shared secret key, online, together, in full view of BlackHat-or any other eavesdropper. (The math, not important for this discussion, is shown in Appendix A.)

 The Diffie-Hellman method of secret key agreement makes secret key distribution much easier.

What's important is the breakthrough that allows Alice and Bob to openly exchange some Diffie-Hellman numbers. Then, in private, they use each other's DH numbers, their secret random numbers, and the DH method to agree on the same secret key.

Although BlackHat knows the DH method and copies Alice and Bob's conversation, he cannot figure out Alice and Bob's agreed-on secret key. Figure 9-7 shows how Alice and Bob create and exchange a secret key over a public line. BlackHat listens to every communication between Alice and Bob.

Figure 9-7 Alice and Bob using the Diffie-Hellman (-Merkle) secret key agreement. BlackHat records their conversation but cannot reproduce their shared secret key.

### Problems with the Diffie-Hellman Method

 Alice can't use DH to authenticate Bob (and vice versa).

But the DH method has two weaknesses. The first is the lack of authentication. DH, by itself, doesn't give Alice assurance that the person with whom she's agreeing on a secret key is Bob. Rather, it assures Alice that the secret key she calculates is known only to her and to the computer at the other end of the connection. It doesn't stop BlackHat from masquerading as Bob to Alice or masquerading as Alice to Bob.

Second, the DH method fails to provide a versatile means for secret key exchange. Recall that to agree on secret keys, Alice and Bob must exchange some DH values. Although their DH values can be openly exchanged, for some applications, such as e-mail, an online exchange is inconvenient.

2. As the story goes, Merkle's Berkeley professor couldn't understand Merkle's ideas and Merkle dropped the course.

3. Modular math and one-way functions are discussed in Chapters 11 and 14, respectively.