Implementing-cryptography-using-python
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
34 Chapter 2 ■ Cryptographic Protocols and Perfect Secrecy
Alice and Bob are fictional characters originally invented to make research in
cryptology easier to understand. In a now-famous paper (“A method for obtaining
digital signatures and public key cryptosystems”), authors Ron Rivest, Adi
Shamir, and Leonard Adleman described exchanges between a sender and
receiver of information as follows: “For our scenarios we suppose that A and B
(also known as Alice and Bob) are two users of a public key cryptosystem.” In
that instant, Alice and Bob were born.
Diffie-Hellman
One of the most critical aspects of cryptography is safely exchanging secret
keys without being compromised. During the 1960s, key exchange was costing
the government, banks, and big businesses a fortune as they exchanged
keys using heavily guarded couriers who traveled around in person to deliver
cryptographic keys. Fortunately, the Diffie-Hellman protocol was introduced
to handle the growing issues with key exchange.
As with any other protocol that only covers key exchange, the Diffie-Hellman
protocol does not perform any authentication. Therefore, neither Alice nor Bob
knows with whom they are exchanging the message after the protocol is run.
The Diffie-Hellman exchange cannot guarantee the privacy of a communication
following the exchange; it has to be combined with an authentication
mechanism. The protocol design does offer an advantage, however; it allows
the protocol to guarantee the property of perfect forward secrecy (PFS), which
protects the message from a compromise of any data that has been protected
with other keys prior to the compromise.
To explain further, imagine that Alice and Bob both sign the data exchanged
to compute the shared key (SK) with their private keys. Even if one of the private
keys is compromised in the future, it will not allow a third party to decrypt
the data that has been protected with the SK. Authentication can be broken
down into two security service categories: data origin authentication and entity
authentication.
Data Origin Authentication
Data origin authentication, also known as data integrity, is the security service
that enables entities to verify that a message has been originated by a
particular entity and that it has not been altered after the message was created.
One approach can be conjectured by assuming that everyone knows Alice’s
public key, and that Alice can ensure data integrity of her messages by using
her private key to encrypt them. Additionally, Alice can compute a modification
digest code (MDC) over her message and append the MDC encrypted with
her private key to the message. MDC is an encryption algorithm that produces