Diffie-Hellman session key exchange

[jchd]

Here's a sample implementation of the protocol. It's used to establish a common session key between two (or more) parties over an unsecure channel.

As it is, the protocol is not immune to a man-in-the-middle attack, but it's easy to protect against that kind of nuisance: simply hash-sign messages with a previously pre-established common secret key.

SessionKey.au3

[Rurorita]

This is nice. Just want to say thanks for the contribution. I coded something similiar where each client gets its own key issued by the server. And i was already thinking about the issue with man in the middle attacks and just didnt come up with anything. hash signing might be it.

[jchd]

Defeating MITM attack can be done relatively efficiently, but always require parties to establish a previous common convention.

Say you Rurorita and me jchd want to exchange secretly. I've snail-mailed you the following:

Dear Rurorita,                                                                             mardi 27 avril 20jchd21
I look forward meeting you face to face. Until then let's talk together using my DH UDF and let's hash our DH exchanges with SHA2. The hash keys could be the personalized date of our exchanges. Engage brain and let's try it right now!
Warm regards.

You can infer we're going to use the current GMT date in French with the century followed by our own pseudo as SHA2 passphrase. Today I'll be using mercredi 12 mai 20jchd21 and you'll use mercredi 12 mai 20Rurorita21. Such a convention is simple to use and strong enough, well, unless your real name is Snowden and mine Navalny. We can even change this convention during our first secret exchange or any time later.

The shield to use always depends on the worst kind of bullet you can reasonably expect to be thrown at you and the value of the secret, thing or person behind the shield.

[Rurorita]

This sounds interesting. But it could require that both sides know some form of identifier of the other side. Or if not then that both sides just know the position of the string and do some changes to that (mardi 27 avril 20jchd24 -> mercredi 12 mai 20Rurorita21) to prevent the attacker from just trying every word combination. He would also need to know the algorhytm then that processes the string to what the password then will be.

In the worst case someone has direct access to either the client or the server and can from there on decipher everything easiely.

I am going to think about it

[argumentum]

 the version with _BigNum_PowerMod() is there

[jchd]

Thanks for pointing that out, I've lost track of if/when that version was actually made part of the standard setup. That's why I posted the code of that function as well for those requiring it.

If someone needs a prime test, one can use the code below. In fact it's a compositeness test:

expandcollapse popup

#include "..\Include\bignum.au3"    ; my own modified version which includes _BigNum_PowerMod (copied below)

; crude _BigNum implementation of probabilistic Miller-Rabin compositeness test

Global Const $iIter = 25    ; number or iterations of the test

; number to test: here make it >= 100 else the test might fail
Local $candidate = "4547337172374198670486519816108044840340489609"

ConsoleWrite($candidate & " is " & (_IsBigNumComposite($candidate) ? "composite." : "prime with probalitity " & 1 - 0.25 ^ $iIter) & @LF)

Func _IsBigNumComposite($n)
    If $n = "0" Or $n = "1" Then Return True    ; technically speaking, $n is not prime
    If $n = "2" Then Return False   ; 2 is always a poison in prime operations!
    If Mod(StringRight($n, 1), 2) = 0 Then Return True
    Local $n_1 = _BigNum_Sub($n, "1")
    Local $t, $q = $n_1
    While Mod(StringRight($q, 1), 2) = 0    ; while $q even
        $t += 1
        $q = _BigNum_Div($q, 2)
    WEnd
    Local $a, $e, $b, $any
    For $c = 1 To $iIter    ; 10 test rounds are enough for demonstration purposes. 25 rounds are safer.
        $a = String(Random(2, 100, 1))      ; the range upper bound doesn't really matter as long as it is < $n
        $b = _BigNum_PowerMod($a, $q, $n)
        If $b <> "1" Then
            For $e = 1 To $t
                If $b = $n_1 Then ContinueLoop
                $b = _BigNum_Mod(_BigNum_Mul($b, $b), $n)
            Next
            If $b <> $n_1 Then Return True
        EndIf
    Next
    Return False
EndFunc


#cs

; #FUNCTION# ;====================================================================================
;
; Name...........: _BigNum_PowerMod
; Description ...: Modular Exponentiation Mod($n^$e, $k)
; Syntax.........: _BigNum_Pow($n, $e, $k)
; Parameters ....: $n - Positive StringNumber: Digits"0"..."9"
;                  $e - Positive StringNumber: Exponent
;                  $k - Positive StringNumber: Modulus
; Return values .: Success - Result Mod($n^$e, $k)
;                  Failure - -1, sets @error to 1 if $n is not a positive valid StringNumber
;                            -1, sets @error to 2 if $e is not a positive valid StringNumber
;                            -1, sets @error to 3 if $k is not a positive valid StringNumber
; Author ........: jchd
; Date ..........: 17.12.13
; Remarks .......: Fractional exponents not allowed - use BigNum_n_root instead.
; ;===============================================================================================
Func _BigNum_PowerMod($n, $e, $k)
    If Not __BigNum_IsValid($n) Then Return SetError(1, 0, -1)
    If Not __BigNum_IsValid($e) Then Return SetError(2, 0, -1)
    If Not __BigNum_IsValid($k) Then Return SetError(3, 0, -1)

    Local $res = "1"

    While $e <> "0"
        If Mod(StringRight($e, 1), 2) Then
            $res = _BigNum_Mod(_BigNum_Mul($res, $n), $k)
            $e = _BigNum_Sub($e, "1")
        EndIf
        $n = _BigNum_Mod(_BigNum_Mul($n, $n), $k)
        $e = _BigNum_Div($e, "2")
    WEnd

    Return $res
EndFunc   ;==>_BigNum_PowerMod

#ce