1

After reviewing the subject carefully, I now understand how ECDHE-RSA provides PFS by creating a new set of private and public keys for every session.

Yet what I cannot understand is how this scheme relates to the basic DH scheme, the same one that is explained by using colors.

It seems to me that the basic DH scheme I know for key exchange is not occurring in ECDHE-RSA, and instead there is just a generation of a new private and public key for every connection.

My question is, how does the ECDHE-RSA scheme even relate to the basic DH scheme of secure key exchange? It seems that ECDHE-RSA is just like using AES-RSA with a new set of keys for each connection. I can't see how Diffie-Hellman itself is actually involved in the process.

JinKazama
  • 81
  • 3
  • 15

2 Answers

1

There are a few things going on here, some of which might be implementation dependent. Let's start with what that long acronym ECDHE-RSA means.

ECDHE means Elliptic Curve Diffie-Hellman Ephemeral. The first part, Elliptic Curve, talks about the dirty math behind the cryptography. For implementation purposes, it basically means that you can use shorter key lengths without compromising the security.

Diffie-Hellman is the key exchange protocol. It's a method to derive a secret key over an unsecured communication line. However, the standard DH protocol is subject to a man-in-the-middle attack. This means that an adversary can intercept a few messages, alter them if he so chooses, and forward them on to the recipient without anyone being the wiser. Standard DH does not provide authentication. This is where the RSA bit will come in handy later.

Ephemeral means that we are doing an ephemeral key exchange and the key generated will only be used for this communication session. This is what provides perfect forward secrecy.

Now back to the RSA bit: RSA can provide authentication by means of asymmetric cryptography. By using private and public keys to secure the messages in the DH protocol, you can prevent these MITM attacks.

Then why aren't RSA and asymmetric crypto used everywhere? Asymmetric crypto functions are computationally expensive. It is more efficient to use asymmetric crypto to negotiate a shared secret and use symmetric crypto for the remaining transaction.

CoconutBandit
  • 476
  • 1
  • 3
  • 13
  • Hey, thank you for the very detailed answer @CoconutBandit. Yet my question remains unsolved. Basic DH key exchange, as explained simply by colors, has a specific scheme and flow which does not occur in ECDHE-RSA. I'm willing to understand if the basic DH scheme, as described in [link](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange), is even used in ECDHE-RSA. It seems that ECDHE-RSA is just like AES-RSA but with generating a new key pair for each connection. – JinKazama Oct 26 '16 at 16:43
  • Moreover, why do we need a key-exchange mechanism like DH if the secret generated is encrypted using the server's public key? – JinKazama Oct 26 '16 at 16:56
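The flow CoconutBandit describes, as an added runnable example (not code from the post, and not from any TLS library): an ephemeral DH exchange produces the session secret, and the server's long-term RSA key is used only to sign its ephemeral DH value, so a man-in-the-middle who swaps that value cannot produce a valid signature for it. The DH modulus (a Mersenne prime with generator 3), the two RSA primes, and the unpadded hash-then-RSA signature are constructed toy choices for readability; the message layout is a simplification of TLS 1.2's ServerKeyExchange, where the signature covers both random nonces and the server's DH parameters. The RSA key never encrypts anything here; it only signs.

```python
"""Ephemeral Diffie-Hellman authenticated with an RSA signature (the shape of
DHE-RSA / ECDHE-RSA in TLS 1.2, here over a finite-field group).

Added example, not from the original post. Every constant is a constructed toy
value: a Mersenne prime as DH modulus, two Mersenne primes for RSA, and
textbook (unpadded) RSA over a SHA-256 digest. Not safe to deploy; it only
makes the message flow concrete.
"""
import hashlib
import secrets

# Toy DH group (assumption: not a standard group such as RFC 3526 group 14).
DH_P = 2**607 - 1
DH_G = 3

def dh_keypair():
    """Fresh ephemeral key pair: the 'E' in DHE/ECDHE. New one per session."""
    priv = secrets.randbelow(DH_P - 3) + 2            # 2 <= priv <= P-2
    return priv, pow(DH_G, priv, DH_P)

def dh_shared(priv, peer_pub):
    """(g^b)^a mod p == (g^a)^b mod p: both sides land on the same value."""
    if not 1 < peer_pub < DH_P - 1:
        raise ValueError("peer sent a degenerate public value")
    return pow(peer_pub, priv, DH_P)

# Toy RSA long-term key (assumption: Mersenne primes, no padding). Reused
# across every session, unlike the DH keys above.
RSA_P = 2**127 - 1
RSA_Q = 2**521 - 1

def rsa_keygen():
    n, e = RSA_P * RSA_Q, 65537
    d = pow(e, -1, (RSA_P - 1) * (RSA_Q - 1))
    return (n, e), (n, d)                              # (public, private)

def _digest(*parts):
    """SHA-256 over length-prefixed parts (ints encoded big-endian), as int."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8, "big")
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")           # 256 bits, < n

def rsa_sign(priv, *parts):
    n, d = priv
    return pow(_digest(*parts), d, n)

def rsa_verify(pub, sig, *parts):
    n, e = pub
    return pow(sig, e, n) == _digest(*parts)

def handshake(server_pub, server_priv, attacker=None):
    """One session. Returns (client_accepted, client_key, server_key).

    `attacker`, if given, rewrites the server's DH value in transit: the
    man-in-the-middle that unauthenticated DH cannot detect.
    """
    client_nonce = secrets.token_bytes(32)
    a, A = dh_keypair()                                 # client ephemeral
    # Server: fresh ephemeral value, signed with the long-term RSA key
    # together with both nonces (so an old signature cannot be replayed).
    server_nonce = secrets.token_bytes(32)
    b, B = dh_keypair()
    sig = rsa_sign(server_priv, client_nonce, server_nonce, B)
    server_key = dh_shared(b, A)
    # On the wire: the attacker may substitute B, but cannot re-sign it.
    B_seen = attacker(B) if attacker else B
    # Client: check the signature BEFORE using B for anything.
    if not rsa_verify(server_pub, sig, client_nonce, server_nonce, B_seen):
        return False, None, server_key                  # abort the handshake
    return True, dh_shared(a, B_seen), server_key

if __name__ == "__main__":
    pub, priv = rsa_keygen()
    ok, ck, sk = handshake(pub, priv)
    print("honest:", ok, ck == sk)
    ok, ck, _ = handshake(pub, priv, attacker=lambda B: dh_keypair()[1])
    print("mitm:  ", ok, ck)
```

Running it twice against the same RSA key yields two unrelated session secrets, which is the forward-secrecy point: compromising the RSA private key later lets an attacker forge future signatures, but not recover past DH exponents.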
0

Yes, Elliptic Curve Diffie-Hellman is very much like Diffie-Hellman, but it uses a different math basis for the same "using paint" algorithm.

Classic Diffie-Hellman is based on Finite Field Cryptography (FFC), with the formula s = mod(exp(mod(exp(g, a), p), b), p) (which produces the same value if a and b are flipped). That's a fairly unfriendly formula.

EC Diffie-Hellman is based on Elliptic Curve Cryptography (ECC), with the formula s = a*b*G, which only requires believing in the commutativity of multiplication to understand why it works (only the X coordinate is used in the end, and... of course, the actual math of multiplying by G is pretty ugly; but both a and b are just (large) integers).

To use the paint colors analogy of classic DH:

  • A common curve is used by both parties. Every "curve" in ECC has an established start point (G=generator); to compare with the Wikipedia picture, call it yellow.
  • Alice has a private key, a, that says how many times to let the Press Your Luck game board advance around the color wheel. The selected color combined with G produces the color peach.
  • Bob has a private key, b. Using the Press Your Luck analogy he gets light blue after combining with G.

Just like the classic DH picture, merging Alice's peach with Bob's secret Press Your Luck color produces the same color as merging Bob's light blue with Alice's secret Press Your Luck color.

For mathy reasons, ECC keys are more "densely secure". So a 160-bit ECC DH key is as secure as a 1024-bit FFC DH key. So it gets the same security much more quickly, which is why ECDH is replacing DH and ECDSA is replacing DSA. Using the more common secp256r1 curve (which uses 256-bit ECC keys) it gains up to the equivalence of a 3072-bit FFC DH key.

bartonjs
  • 30,352
  • 2
  • 71
  • 111
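The s = a*b*G symmetry from the answer above, worked through on the real secp256r1 curve as an added example (not code from the answer). The domain parameters are the published secp256r1 values; the affine double-and-add is a teaching implementation written for this page, neither constant-time nor suitable for production. It also includes the check a practitioner wants around this math: refusing a peer point that is not on the curve, because the addition formulas never look at the curve constant b and will happily compute on whatever curve a bogus point does lie on.

```python
"""Elliptic-curve Diffie-Hellman on secp256r1 (NIST P-256) in plain Python:
Alice computes a*(b*G), Bob computes b*(a*G), both get the same point and
use its x-coordinate.

Added example, not from the original answer. Curve constants are the published
secp256r1 parameters; the arithmetic is a non-constant-time teaching version.
"""
import secrets

# secp256r1: y^2 = x^3 + CURVE_A*x + CURVE_B over GF(P); G has prime order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
CURVE_A = P - 3
CURVE_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
INF = None                       # point at infinity: the group identity

def on_curve(pt):
    """True if pt satisfies the curve equation (INF counts as on the curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % P == 0

def point_add(p1, p2):
    """Affine chord-and-tangent addition; handles doubling and inverses."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                   # p1 == -p2
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, P) % P   # tangent
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P                # chord
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def scalar_mult(k, pt):
    """k*pt by double-and-add: 'advance the wheel k times' in the analogy."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def ecdh_keypair():
    """Private scalar in [1, N-1], public point = priv * G."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)

def ecdh_shared(priv, peer_pub):
    """x-coordinate of priv * peer_pub; only X is used, as in TLS.

    Rejects points not on secp256r1: feeding a point from a weaker curve into
    the same formulas leaks information about priv (the invalid-curve attack).
    """
    if peer_pub is INF or not on_curve(peer_pub):
        raise ValueError("peer public key is not a point on secp256r1")
    s = scalar_mult(priv, peer_pub)
    if s is INF:
        raise ValueError("degenerate shared point")
    return s[0]

if __name__ == "__main__":
    a, A_pub = ecdh_keypair()        # Alice: 'peach'
    b, B_pub = ecdh_keypair()        # Bob: 'light blue'
    print(ecdh_shared(a, B_pub) == ecdh_shared(b, A_pub))   # True
```

Comparing this with the FFC version from the answer: the private keys a and b are plain integers in both, the public value is g^a mod p there and a*G here, and the shared secret arises from the same commutativity (exponents multiply there, scalars multiply here), which is why the paint picture carries over unchanged.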