
Talk:Diffie–Hellman key exchange

From Wikipedia, the free encyclopedia

'insecure channel' or ?


The second paragraph states:

The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel

The linked page defines that an "insecure channel" is "unencrypted and may be subject to eavesdropping and tampering". Since DH doesn't protect against MITM, perhaps we should change this to say 'authentic channel', as "an authentic channel is a means of data transmission that is resistant to tampering but not necessarily resistant to overhearing."? --Raboof (talk) 08:25, 17 January 2023 (UTC)

DH is not vulnerable to MITM per se


the Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack.

Given that Diffie–Hellman key exchange is anonymous, the example of a MITM attack between Alice, Bob and Mallory doesn't make sense, because Alice doesn't know who she is talking to!

The example makes sense to me: Alice may think she's talking to Bob (for some reason, for example because either the content or the context of the communication gives that impression), and the fact that with DH she doesn't actually know this is what makes Mallory able to masquerade as Bob. I could agree perhaps "vulnerable" is too strong: since DH isn't intended to protect against this, it seems unfair to classify this lack of protection as a "vulnerability". Perhaps it should be worded "thus does not protect against" instead of "is thus vulnerable to". I think the example is helpful, though. --Raboof (talk) 08:21, 17 January 2023 (UTC)
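The two threads above (the "insecure channel" vs. "authentic channel" question and the Alice/Bob/Mallory example) can be run end to end. The following is an added example, not code from the article or from any commenter: it performs the exchange with the article's toy parameters p = 23, g = 5, a = 4, b = 3, then repeats it with Mallory substituting her own public values, and finally shows what an authentic channel adds: when each public value carries an HMAC under a key the parties already share, Bob rejects Mallory's substituted value. Mallory's exponents (7 and 9), the pre-shared key, and the function names are assumptions made for this example; the group size is a toy, real deployments use 2048-bit or larger finite-field groups or elliptic curves.

```python
"""Added example (not the article's or the commenters' code): unauthenticated
Diffie-Hellman with and without a man-in-the-middle, plus the check that an
authenticated channel provides.  Parameters p = 23, g = 5, a = 4, b = 3 are the
article's toy values; Mallory's exponents 7 and 9 and the pre-shared key are
constructed here.  Toy sizes only."""
import hashlib
import hmac

P = 23   # prime modulus from the article's example
G = 5    # generator from the article's example


def public(priv, p=P, g=G):
    """Public value g^priv mod p."""
    return pow(g, priv, p)


def shared(their_pub, my_priv, p=P):
    """Shared secret their_pub^my_priv mod p."""
    return pow(their_pub, my_priv, p)


def honest_exchange(a=4, b=3):
    """Alice and Bob exchange directly; both derive the same secret."""
    A, B = public(a), public(b)
    return shared(B, a), shared(A, b)


def mitm_exchange(a=4, b=3, m1=7, m2=9):
    """Mallory intercepts both messages and replaces each with her own value.

    Alice sends A, but Bob receives M1.  Bob sends B, but Alice receives M2.
    Neither party can tell, because nothing ties a public value to a name.
    Mallory ends up with one key shared with Alice and another with Bob.
    """
    A, B = public(a), public(b)
    M1, M2 = public(m1), public(m2)
    return {
        "alice": shared(M2, a),               # Alice believes M2 came from Bob
        "mallory_with_alice": shared(A, m2),
        "bob": shared(M1, b),                 # Bob believes M1 came from Alice
        "mallory_with_bob": shared(B, m1),
    }


def tag(value, auth_key):
    """Authenticate a public value with a pre-shared key (HMAC-SHA256)."""
    return hmac.new(auth_key, value.to_bytes(4, "big"), hashlib.sha256).digest()


def accepted(received_value, received_tag, auth_key):
    """Receiver side: accept the public value only if its tag verifies."""
    return hmac.compare_digest(tag(received_value, auth_key), received_tag)


def mitm_against_authenticated(a=4, m1=7, auth_key=b"constructed-preshared-key"):
    """Alice tags A; Mallory swaps in M1 but cannot forge the tag, so Bob rejects it."""
    A = public(a)
    t = tag(A, auth_key)
    M1 = public(m1)                          # substituted value arrives with Alice's tag
    return accepted(M1, t, auth_key)         # False: substitution detected


if __name__ == "__main__":
    print("honest exchange:", honest_exchange())
    print("with Mallory in the middle:", mitm_exchange())
    print("authenticated channel accepts substituted value:", mitm_against_authenticated())
```

The HMAC step is only a stand-in for whatever the authentic channel actually is (a signature under a certified key, a pre-shared key, an out-of-band fingerprint comparison); the point is that the DH messages themselves carry nothing Bob can check, so the check has to come from outside the exchange.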

I propose a possible improvement to the algorithm explanation graphic, but lack the skills to deliver it


I've experimented with reworking the DH algorithm graphics to add a temporal dimension, but I lack the skills and wikipedia experience to turn my ideas into something usable; rather than pollute this page with excessive discussion, I wrote up the concepts at https://alecmuffett.com/article/14750 and would be interested to chat with anyone regarding whether this is actually a better proposal than the extant diagrams. Alecmuffett (talk) 21:14, 30 May 2021 (UTC)

Please, evaluate to choose the values in the numeric example.


There is a method to choose the values; they aren't random. You must choose a prime p, a q which divides p-1 and a generator of order q. In the example, g is not an order-q generator. You can check it with g^q mod p != 1: 5^11 mod 23 != 1. If you choose q=2, it's a trivial example; I suppose you chose q=11. 23-1=22=2*11 — Preceding unsigned comment added by 193.146.209.194 (talk) 09:36, 23 November 2021 (UTC)

p-1 = 22, and 5^22 = 1 mod 23. So what's wrong with using q=22? DaemonicSigil (talk) 02:10, 14 October 2022 (UTC)

Salom 84.54.73.215 (talk) 16:56, 29 April 2023 (UTC)
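The checks the two comments above describe can be written out. The following is an added example, not code from the article or from either commenter: it computes the multiplicative order of g mod p, validates a (p, q, g) triple the way the first comment asks for (prime p, prime q dividing p-1, g^q = 1 mod p), derives a generator of the order-11 subgroup, and answers the q=22 question: 5 does generate the whole group of order 22, so the exchange is arithmetically fine, but with a generator of even order the Legendre symbol of a public value g^x mod p reveals whether x is even or odd, which is why standards restrict g to a prime-order subgroup. The function names and the example values beyond p=23, g=5, a=4, b=3 are assumptions made for this example; sizes are toy.

```python
"""Added example (not the article's or the commenters' code): parameter checks
for the article's toy group p = 23, g = 5, a generator of the order-11
subgroup, and the parity leak that a full-group generator of order 22 has.
Values other than p = 23, g = 5, a = 4, b = 3 are constructed here."""


def is_prime(n):
    """Trial division; adequate for toy sizes only."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def order(g, p):
    """Multiplicative order of g mod p: least k > 0 with g^k = 1 (mod p)."""
    k, x = 1, g % p
    while x != 1:
        x = x * g % p
        k += 1
    return k


def validate_params(p, q, g):
    """Return the problems with a (p, q, g) triple; an empty list means it passes."""
    problems = []
    if not is_prime(p):
        problems.append("p is not prime")
    if not is_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if g % p in (0, 1) or pow(g, q, p) != 1:
        problems.append("g is not a generator of order q (g^q mod p != 1)")
    return problems


def subgroup_generator(p, q):
    """Smallest h >= 2 whose (p-1)/q-th power is not 1; that power has order q."""
    for h in range(2, p):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return g
    return None


def exponent_parity_from_public(pub, p):
    """Legendre symbol test: 0 if pub is a quadratic residue mod p, else 1.

    When g generates the whole group (even order p-1), g^x is a residue exactly
    when x is even, so this recovers the low bit of the private exponent.
    When g has prime order q, every g^x is a residue and the test says nothing.
    """
    return 0 if pow(pub, (p - 1) // 2, p) == 1 else 1


if __name__ == "__main__":
    print("order of 5 mod 23:", order(5, 23))                  # 22: whole group
    print("problems with (23, 11, 5):", validate_params(23, 11, 5))
    print("problems with (23, 22, 5):", validate_params(23, 22, 5))
    g11 = subgroup_generator(23, 11)
    print("order-11 generator:", g11, "problems:", validate_params(23, 11, g11))
    for priv in (4, 3):                                         # the article's a and b
        print("g=5, x=%d: leaked parity %d" % (priv, exponent_parity_from_public(pow(5, priv, 23), 23)))
        print("g=%d, x=%d: leaked parity %d" % (g11, priv, exponent_parity_from_public(pow(g11, priv, 23), 23)))
```

For the article's values, A = 5^4 mod 23 = 4 is a quadratic residue and B = 5^3 mod 23 = 10 is not, so an eavesdropper learns that a is even and b is odd without solving any discrete logarithm. With the order-11 generator (4) every public value is a residue and the same test reveals nothing.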


Incorrect image?


The main image on this article I think might be incorrect? My understanding (from this article even) is that a single public key is agreed upon? The image has Bob and Alice each using their public keys. Can someone correct/corroborate me on this? Epachamo (talk) 21:31, 9 December 2023 (UTC)

Ok, I changed the image and based it on the example in the text. Epachamo (talk) 14:39, 18 December 2023 (UTC)

Merge proposal

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
To improve both articles rather than to merge; Post-Quantum Extended Diffie-Hellman is suitable for expansion. Klbrain (talk) 09:42, 11 August 2024 (UTC)

It was proposed over at Talk:Signal Protocol that Post-Quantum Extended Diffie-Hellman might usefully be merged here, for reasons of short text and context. Let's discuss the new proposal here. Klbrain (talk) 14:56, 28 January 2024 (UTC)

  • In my opinion as an editor, the Post-Quantum Extended Diffie-Hellman (PQXDH) could be extended a bit more. There is more information to put in that article. I don't think they should be merged. Rather, PQXDH should be expanded. Epachamo (talk) 19:01, 29 January 2024 (UTC)
There is a large gap between PQXDH and good old DH; just merging might not make enough sense. However, I believe we can make the cognitive gap a lot more navigable by getting a good description of PQXDH's predecessor, X3DH, on the DH page. Artoria2e5 🌉 02:42, 21 February 2024 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

"Diffie–Hellman key exchange" is a confusing and misleading title/term


When I first stumbled across "Diffie–Hellman key exchange", the image elicited in my head was that A and B somehow exchange their secret key. I'm quite sure that the same image is elicited in any other person's head on first encountering the term. I appreciate that this is the term first coined for this particular mathematical method.

Proposal: To possibly remedy this dilemma, I suggest to move the content of the page entitled "Diffie–Hellman key exchange" to a new page entitled "Diffie–Hellman key agreement". The original page could then be replaced with a link to the new page, why the term is preferred, and a short description of how the original naming of the term came about. The new page would then only need minimal changes to its introduction.

The German title/term "Diffie-Hellman-Schlüsselaustausch" suffers from the same problem and a corresponding change should be done with the German Wikipedia pages: "Diffie-Hellman-Schlüsselaustausch" → "Diffie-Hellman-Schlüsselvereinbarung".

I would be willing to propose the exact changes necessary if there is agreement to follow above proposal. AliBabbaD (talk) 15:20, 1 September 2024 (UTC)

Diffie-Hellman key agreement is an established term in the literature, though Diffie-Hellman key exchange is more common. The Wikipedia approach would be to list both terms in the introduction and to use a redirect, which points to the same page (Diffie-Hellman key agreement is already a redirect). An explanation of why a term is to be preferred is a violation of WP:NPOV, unless it is a description of a notable expert opinion with citation. --Matthäus Wander (talk) 16:00, 1 September 2024 (UTC)
One expert's, or ten experts', preference wouldn't equate to "is preferred". If the "exchange" version is more common, that implies the net preference among those referring to the technology. It would be another thing to say the "exchange" version is less accurate. Largoplazo (talk) 17:42, 1 September 2024 (UTC)
I understand your point about "is preferred". I would then say "... could then be replaced with a link to the new page, why the term is more meaningful, and a short description of how the original naming of the term came about" (Diffie-Hellman key agreement would obviously cease to be a redirect). AliBabbaD (talk) 20:59, 1 September 2024 (UTC)
Well, maybe. When there's a choice to make, an article's title is chosen based on the WP:COMMONNAME guidelines. Ordinarily, that's the most used term. If "... exchange" is the predominating usage, then the article is already at the prescribed title unless there's a consensus that there's another term, also in common use, that causes fewer problems for the reader. Largoplazo (talk) 21:31, 1 September 2024 (UTC)
"Diffie–Hellman exchange for key agreement" may better express the method in question but would not be a commonly recognisable name for the article. Diffie-Hellman key agreement expresses the method nearly as well given that an exchange usually precedes an agreement.
Diffie-Hellman key exchange, however, would evoke the image that A and B somehow exchange their secret keys in any reader's head that is not yet familiar with the subject. Just imagine yourself to be a reader who is not yet familiar with the subject; would you, on encountering Diffie-Hellman key exchange, not think that A and B somehow exchange their secret keys?
I hope this reasoning suffices to bring about a consensus. AliBabbaD (talk) 11:27, 2 September 2024 (UTC)
Witness the following dialog with ChatGPT …
I: Who gave the method "Diffie-Hellman key exchange" its name and when did this happen?
ChatGPT: The "Diffie-Hellman key exchange" method was named after its inventors, Whitfield Diffie and Martin Hellman. They introduced the method in their seminal paper titled "New Directions in Cryptography," which was published in November 1976.
The naming likely occurred as the method became widely recognized in the cryptographic community following the publication of this paper. While the exact moment the method received its name isn't precisely documented, it is common practice in academic and technical communities to name significant contributions after their inventors or authors soon after their discovery or publication. Therefore, the term "Diffie-Hellman key exchange" would have gained prominence in the late 1970s.
I: When was the name "Diffie-Hellman key agreement" first used?
ChatGPT: The term "Diffie-Hellman key agreement" was first used in the 1980s, as the concept evolved and the terminology around it became more precise. The original paper by Whitfield Diffie and Martin Hellman in 1976 described the mechanism as a method of secure key exchange. As the cryptographic community continued to develop and refine the protocol, the term "key agreement" became more commonly used to reflect the protocol's purpose more accurately.
While the exact date or publication where "Diffie-Hellman key agreement" was first used is not definitively recorded, it is clear that by the mid-1980s, the term had become standard in the cryptographic literature. This shift in terminology helped emphasize that both parties in the communication process contribute to the creation of a shared secret, rather than one party simply "exchanging" a key with the other. AliBabbaD (talk) 11:55, 2 September 2024 (UTC)
If the process is in fact most commonly known today as "... agreement", as you imply when you say by the mid-1980s, the term had become standard in the cryptographic literature, then that is the title we should be using, regardless of what it was named originally. Largoplazo (talk) 12:18, 2 September 2024 (UTC)
The plant known as "Jerusalem artichoke" is neither an artichoke nor from Jerusalem, but it is nevertheless most commonly known as Jerusalem artichoke and, therefore, that's what the article is named. If you were to argue that we should name the article something more accurate out of concern for confusing the reader, I would say that (a) we'd be confusing them more by calling the thing something other than the name by which it's known and (b) if you're determined that the world be educated as to what's wrong with the plant's existing name, changing the title of the Wikipedia article about it is about as ineffective way to do that as can be imagined. You'd need to initiate a worldwide campaign to persuade people to stop calling it by that inaccurate name first. If you succeeded, then Wikipedia would align itself with the new normal. Largoplazo (talk) 12:15, 2 September 2024 (UTC)
Given that your reply to my previous contribution (AliBabbaD (talk) 11:55, 2 September 2024 (UTC)) was 3 minutes later than this one I assume that you now agree with me that we should be using the "... agreement" title.
How do we take it from here? AliBabbaD (talk) 15:40, 2 September 2024 (UTC)
I agree if your assertion as to which term is more common is correct. Until I saw you say it, it wasn't the impression that I'd been given. It'd be best if we had a consensus to that effect, bringing in evidence if necessary to achieve it.
At this point, the logical next step would be to initiate a formal move discussion following the instructions for a potentially controversial move at WP:Requested moves and pursue this there, referencing the preceding discussion here in the move nomination for context. Largoplazo (talk) 15:58, 2 September 2024 (UTC)
Just to back up the claim that I made earlier, the dialog with ChatGPT continues:
I: What is the evidence for the assertion that the term "key agreement" became more commonly used?
ChatGPT: The assertion that the term "key agreement" became more commonly used over time, particularly in the cryptographic community, is supported by several factors:
  1. Evolving Cryptographic Standards: As cryptographic protocols became standardized, terminology evolved to reflect more precise meanings. The term "key agreement" started to be favored in standards and technical documents because it accurately described the process where both parties collaboratively agree on a shared secret, rather than merely "exchanging" it. This is evident in standards such as those from the National Institute of Standards and Technology (NIST) and ISO/IEC.
  2. Cryptographic Literature: Over the years, as more research papers and textbooks were published on cryptography, the term "key agreement" was increasingly used in the titles and texts. Authors began to distinguish between "key exchange" (which could imply one-way transfer of a key) and "key agreement" (which emphasizes mutual contribution to the key).
  3. Protocols and Algorithms: As new cryptographic protocols were developed, the term "key agreement" was used to describe processes where both participants have an active role in determining the final key. This distinction became important as other protocols and variations (e.g., authenticated key agreement protocols) were introduced.
  4. Historical Usage: The earliest mentions of "key agreement" in the literature can be traced back to the early 1980s, shortly after the introduction of the Diffie-Hellman protocol. For example, papers and books from this period start to make a clearer distinction between different types of key management protocols, and "key agreement" becomes more frequent in these discussions.
While it is difficult to pinpoint a single piece of evidence that marks the exact moment when "key agreement" overtook "key exchange" in popularity, the trend is observable in the growing use of the term in cryptographic standards, literature, and educational materials throughout the 1980s and 1990s. This shift reflects the community's move towards more precise and accurate descriptions of cryptographic processes. AliBabbaD (talk) 16:41, 2 September 2024 (UTC)
Do not ever bother seeing what AI has to say about anything.
I once saw a question online from someone who was trying to identify a card game given only that the 7 card is assigned the value 5. I decided to submit the question to ChatGPT 3.5:
I asked "Is there a card game that assigns a point value of 5 to the 7 card?"
It responded "Yes, in the card game Euchre, the 7 card of the trump suit is assigned a point value of 5. Euchre is typically played with a standard deck of 24 cards (including the 9, 10, J, Q, K, and A of each suit) and is popular in certain regions of the United States and Canada. The objective of the game is to be the first team to reach a predetermined number of points, usually 10 or 11."
Euchre doesn't assign point values to cards, and if it's played only with cards 9, 10, J, Q, K, and A, then where would the 7 card come into it anyway? So I typed "That's incorrect."
The AI responded "I apologize for the mistake. There is no card game that universally assigns a point value of 5 to the 7 card. ... Thank you for pointing out the error, and I appreciate the opportunity to correct it."
I came back a couple of days later, posed the same question, and got pretty much the same initial response. ChatGPT isn't even programmed to learn from its own mistakes. But, on the other hand, somehow it had the resources it needed, after I told it that it was wrong, to satisfy itself sufficiently that that was true to respond as it did.
Bottom line: AI is an abominably poor source of information. Largoplazo (talk) 16:57, 2 September 2024 (UTC)