Professional Documents
Culture Documents
2
Department of Computer Science,S.V.K.P. and Dr. K.S.R. Arts and Science College
Penugonda-534320,India
Step1: Both A and B agree on two large positive integers, n and sends them to A.Now on exchange of m pairs of public
and g such that n is a prime number and g is a group keys, the participants can generate more than one shared
generator. key, because, instead of a single combination of the private
keys (xy) as exists in the basic (DH), m2 combinations
Step2: A randomly chooses a positive integer, x which is such as (xiyj),1 i m, 1 jm, exist and each of them can
smaller than n and serves as As private key. Similarly, B generate a DH style key. The generation of m2 shared keys is
chooses its own private key, y. as follows .The person A can compute the following keys:
Step3: Both A and B compute their public keys using = mod n = mod n, 1 i m, 1 j m..
X= mod n and Y= mod n, respectively.
The person B can compute the following keys:
Step4: They exchange their public keys through a public
communication channel.
= mod n = mod n, 1 i m, 1 j m.
Step5: Now both A and B compute their shared key K,
using Here = , 1 i m, 1 j m. These m2 keys are
K= mod n= mod n called the base keys. Additional shared keys can be
K= mod n= mod n derived by multiplying these base keys in different
For practical applications, it is assumed that D-H holds combinations which are called extended keys. The
decisional DH (DDH) assumptions (Cf. [5], [6]) which extended keys are derived as follows.
means that no polynomial time algorithm exists to compute For example, multiplying two base keys at a time out of m2
K up on knowing X,Y, g and n. base keys generates C(m2,2) shared keys such as
2.1 Multiple Shared key (MSK) Technique Using the above discussion, in what follows, we arrive at
the total number of shared keys at a time, in terms of the
The participant A generates m public keys as given below number of exchanged keys.
and sends to B. So, , = mod n, 1 i m where Xi and xi,
for i=1,2,,m, are the public and private keys of A. 2.2 An upper bound for the total number of shared
Similarly the participant B chooses private keys y1,y2,....,.ym keys in the proposed technique
randomly and generates m public keys as
The total number of shared keys
= mod n, 1 j m
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 3, No 3, May 2010 28
www.IJCSI.org
= Number of base keys + The number of extended keys, ii. To generate -1 shared keys it requires interchange of
which can be easily seen to be -1 2( -1) messages in D-H technique and 2m messages in
. MSK-m.
Observe that for m = 2, we get the 15 shared keys iii. To generate -1 shared keys it requires 22( -1)
mentioned in Biswas[1]. exponential operations in D-H technique and MSK-m
requires 2m2 +2m.
Example iv. To generate -1 shared keys it requires no
multiplications and MSK-m requires 2(2 -1 (m2-2) +1)
The number Total number of v. The time complexity of D-H is
Number of
of public 2) shared keys
base keys(m
keys TD-H(m) = Ce22 ( -1) = O( )
exchanged(m) ( -1)
1 12=1 21-1=1 Where Ce denotes time needed for execution of one
2 22=4 24-1=15 exponential operation.
2 So, D-H possibly has non polynomial (exponential) time
3 3 =9 29-1=511 complexity. Hence, it requires more time for execution.
4 42=16 216-1=65535 Since multiplications are very less expensive than
. . . exponentiation, for time complexity we consider
exponential operations and hence the time complexity of
. . . MSK
their private keys from Zq = {0, 1, 2. . . q -1}, then an The other party chooses one message at random and
adversary cannot distinguish between the random keys performs brute-force attack to decrypt it -although it needs a
in QRp and the keys that are generated by DH large amount of work, it is still computable. It then encrypts
technique. its message with the key thus recovered and sends it to the
first party along with the puzzle number. Since it knows the
In what follows, we recall some material from Zheng-
puzzle number, it thus identifies the key and decrypts the
Manz-Foss-Chen[7]. message.
Similarly, in order to select a key out of -1shared keys,
DDH assumption:
one party generates a message comprising a shared key and
G is a finite cyclic group and g is a generator.
a puzzle number. After encrypting it either with the smallest
Given ( ga, gb, gab) and ( ga, gb, gc) for random a, b, c [1,
or largest key of the shared keys generated, it is sent to the
|G|], no efficient algorithm can decide that c = ab in G. In
other party. The message is easily decrypted as the recipient
other words, the value gab is indistinguishable in polynomial
knows all keys and the (shared key, puzzle number) pair is
time from a random number of G.
recovered. The party then either sends the puzzle number
Using the DDH assumption, if K1 and K2 are random
alone or an encrypted message along with the puzzle
numbers and PKi for i = 1, 2 are the corresponding public
number to the first party, where the message is encrypted
values, then the shared value K = PK1 exp K2 = PK2 exp
with the shared key found. Since the first party knows the
K1using two-party secure group key exchange is
puzzle number, it therefore identifies the session key and
indistinguishable in polynomial time from a random value,
can decrypt the message. For subsequent changes, the
where exp is an exponentiation operation. From the security
present session key may be used to encrypt a shared key at
point of view, the above assumption is very strong and
one end, and it is decrypted at the other end to obtain the
many secured practical cryptographic systems designed are
new session key.
based on it. The present paper also follows this assumption
Conclusions: Since the D-H technique is simple and easy to
to generate secured multiple two-party shared keys.
implement and since MSK-m uses only the D-H style for
Now we make the following Proposition.
shared key generation, MSK-m is also easy to implement.
Further, using the lower and upper bounds for m and N (Cf.
1.2 and 1.3), the security levels can be increased in SDT
2.5.1 Proposition: with relatively lesser operational overhead (Cf.1.4).
m2 two-party shared keys k1, k2, k3km2(base keys)
derived in the application of the basic DH technique are Acknowledgments
indistinguishable in polynomial time from random numbers.
Author would like to thank the Management of S.V.K.P.
Proof: Since each of the m2 shared keys is basically a D-H and Dr. K.S.R. Arts and Science College, for Sponsor
style key and for D-H shared key the proposition is true, our
ing and financial support.
Proposition follows.
Corollary 1:
References
The extended -1-m2 shared keys generated by
2 [1] G.P. Biswas, Diffie Hellman Technique Extended To
multiplying the m base keys in different combinations are
Multiple Two Party Keys And One Multi Party Key, IET
also indistinguishable in polynomial time from random
inf. Sec., 2008, Vol.2(1), pp.12-18.
numbers.
[2] Menezes A.J., Elliptic Curve Public Key Crypto
For a communication, the participants must agree upon a
Systems, Kluwer Academic Publishers, 1993.
particular key. One method for the selection of a shared key
[3] Diffie W. and Hellman M., New Directions in
is shown below.
Cryptography, IEEE Trans. Inf. Theory, Vol. 22(6), pp.
644654, 1976.
2.6 Selection of shared key [4] Stallings W., Cryptography And Network Security,
Principles And Practices, Pearson Education, 3rd Edn.,
Now that the proposed extension can generate multiple
2004.
shared keys, it is necessary for us to be able to select a key
[5] Boneh D., The Decision Diffie-Hellman Problem, Proc.
for a session. Here we suggest that one can follow a method
3rd Algorithmic Number Theory Symposium, Lecture
similar to that in the well known Merkles puzzle which is
Notes in Computer Science, 1423, pp. 4863, 1998.
recalled below:
[6] Boneh D. and Venkatesan R., Breaking RSA May Not
A party generates n messages each with having a different
Be Equivalent to Factoring, Advances in Cryptology,
puzzle number and a secret key number and sends all the
EUROCRYPT98, pp. 5971, 1998.
messages to the other party in encrypted form. Note that a
[7] ZHENG S., MANZ D., Alves-Foss J and Chen Y.,
different 20 bit key is used for encryption of each message.
Security And Performance Of Group Key Agreement
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 3, No 3, May 2010 30
www.IJCSI.org