# Key Exchange Standards

## From Real-World Cryptography by David Wong

In this article, the author teaches readers about the Diffie-Hellman key exchange standard, which was the very first key exchange algorithm ever invented, and the Elliptic Curve Diffie-Hellman key exchange standard, which is the Diffie-Hellman built with elliptic curves.

• The second key exchange algorithm I will talk about is actually the same Diffie-Hellman algorithm but built with elliptic curves, it is thus usually called Elliptic Curve Diffie-Hellman (ECDH).

## Diffie-Hellman (DH)

In 1976, Whitfield Diffie and Martin E. Hellman wrote their seminal paper on the DH key exchange algorithm entitled “New Direction in Cryptography” (what a title right?).

1. An operation defined on these elements that satisfy certain properties.
• 54 = 2 mod 13
• 170 = 0 mod 17
• and so on…

## Quite straightforward isn’t it?

I said earlier that the operation satisfies a number of properties. One of them is that every element defined in our group must have an inverse. We say that an element a has an inverse b if

• 3 x 3 x 3 as 33
• and so on…
• 42 mod 5 = 1
• 43 mod 5 = 4 (we start again from the beginning)
• 34 mod 5 = 1
• and so on …
• A generator can be used to generate a whole (sub)group.

## This is the secret sauce behind Diffie-Hellman!

You now know enough to understand how to generate a keypair in DH:

1. Each participant generates a random number X, this becomes their private key.
2. Each participant derives their public key as gX mod p.
• Bob has a private key b and a public key B = gb mod p.

## Diffie-Hellman Standards

Now that you have seen how Diffie-Hellman works, you understand that participants need to agree on a set of parameters, specifically on a prime number p and a generator g.

## Elliptic Curve Diffie-Hellman (ECDH)

It turns out that the Diffie-Hellman algorithm, which we just discussed, can be implemented in more than just modulo a prime number. All we need is just a group! It also turns out that a group can be made from elliptic curves (a type of curves in mathematics). The idea was proposed in 1985 by Neal Koblitz and Victor S. Miller independently, and much later adopted when Elliptic Curve Cryptography (ECC) (cryptographic algorithms that are based on elliptic curves) started seeing standardization around 2000. The world of applied cryptography quickly adopted algorithms based on elliptic curves as they provided way smaller keys than the previous generation’s algorithms. Compared to the recommended 2048-bit parameters in DH, parameters of 256-bit were possible with the elliptic curve variant of the algorithm.

1. Draw a vertical line from this newly found point. The vertical line hits the curve in yet another point.
2. This point is the result of adding the original two points together.
• What happens if the line we draw in step 1 (or step 2) does not hit the curve at any other point? Well, this is embarassing and we need this special case to work and produce a result. The solution is to define the result as a fictive point (something we made up). This fictive point is called the point at infinity (that we usually write with a big letter O).
• A definition of what an addition means in this set.
• An imaginary point called a point at infinity.
1. Each participant generates a random number X, this becomes their private key.
2. Each participant derives their public key as [X]G.
• Bob has a private key b and a public key B = [b]G.

## Elliptic Curve Diffie-Hellman Standards

The standardization of ECDH has been even more chaotic than DH. Many standardization bodies have come out and specified a large number of different curves, which was then followed by many wars over which curve was more secure. A large amount of research, mostly led by Daniel J. Bernstein, pointed out the fact that a number of curves standardized by the NIST could potentially be part of a weaker class of curves only known to the NSA.

• RFC 7748 which was published in 2016.