...

Anonymous nobody at replay.com
Sat Dec 5 19:03:46 PST 1998



> My friend needs a website with explanations of PK cryptography
> and related interesting protocols. I have Schneier's book but she
> lives far from me and the book is too long for her to read.
> 
> Any suggestions for something on the Web?

This does not fully explain the protocols, but an explanation of RSA is
available at John Young's Cryptome.

http://jya.com/whprsa.htm

Download it, though, because it was one of the files relating to Bill Payne
which will most likely be deleted when he gets his own web page up as promised.

Diffie-Hellman and NSA's Key Exchange Algorithm need no URLs --

Diffie-Hellman was designed by Whitfield Diffie and Martin Hellman, and its
publication sparked public-key cryptography (and received a standing ovation
when presented).

The Key Exchange Algorithm (KEA) is an NSA "type II" algorithm used in the
Defense Messaging System. It was kept classified until recently. Schneier
mentions in his CRYPTO-GRAM newsletter that problems with making
tamper-resistant hardware carrying the algorithm may have led to its release.

The devices are named A and B. Brackets represent a value's "owner."

Diffie-Hellman:

Both: Retrieve public values g and p.
   A: Chooses a random secret value x[A].
      Calculates X[A]=g^x[A] mod p.
      Sends X[A] to B.
   B: Chooses a random secret value x[B].
      Calculates X[B]=g^x[B] mod p.
      Sends X[B] to A.
   A: Raises value received from B to the x[A] power and uses this to calculate
      the key.
   B: Raises value received from A to the x[B] power and uses this to calculate
      the key.

KEA:

(this is a modified version of an old post to Cypherpunks)

Constants:
p: 1024-bit prime modulus
q: 160-bit prime divisor of p-1
g: 1024-bit base

Secret user-dependent values:
x: 160-bit random key
r: 160-bit random key

Public user-dependent values:
Y: g^x mod p
R: g^r mod p

z(x, y) represents KEA threshing.

1  A->B: Y[a]
2  B->A: Y[b]
3  A->B: R[a]
4  B->A: R[b]
5  A   : (Y[b])^q mod p = 1? If not, stop; (R[b])^q mod p = 1? If not, stop;
         Are Y[b] and R[b] between 1 and p? If not, stop.
6  B   : (Y[a])^q mod p = 1? If not, stop; (R[a])^q mod p = 1? If not, stop;
         Are Y[a] and R[a] between 1 and p? If not, stop.
7  A   : t[ab]=(Y[b])^r[a] mod p; u[ab]=(R[b])^x[a] mod p
8  B   : t[ab]=(R[a])^x[b] mod p; u[ab]=(Y[a])^r[b] mod p
9  A   : (t[ab]+u[ab]) mod p = 0? If so, stop; if not, Key=z(t[ab],u[ab])
10 B   : (t[ab]+u[ab]) mod p = 0? If so, stop; if not, Key=z(t[ab],u[ab])

Zero-Knowledge Protocols:
http://www.tcm.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html

RSA Data Security's RSA Labs on protocols:
http://www.rsa.com/rsalabs/faq/html/7.html

> 
> thanks
> 
> igor
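
The KEA exchange listed above, run for both sides, as an added example that is not part of the original post. The small p, q and g are constructed toy values, `thresh` is a SHA-256 stand-in for z (which the post does not define), and "between 1 and p" is read here as a strict range.

```python
import hashlib
import secrets

# Toy constants constructed for this example (the post: 1024-bit p, 160-bit q).
P = 607                      # prime modulus
Q = 101                      # prime divisor of P-1 (606 = 6 * 101)
G = pow(2, (P - 1) // Q, P)  # 64, an element of order Q mod P


class KeaParty:
    """Holds one side's secrets x, r and public values Y, R."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # secret x
        self.r = secrets.randbelow(Q - 1) + 1   # secret r
        self.Y = pow(G, self.x, P)              # Y = g^x mod p
        self.R = pow(G, self.r, P)              # R = g^r mod p


def validate(value):
    """Steps 5/6: range check, then value^q mod p = 1 (order-q subgroup)."""
    return 1 < value < P and pow(value, Q, P) == 1


def thresh(t, u):
    """Assumed stand-in for z(t, u); not KEA's actual threshing function."""
    return hashlib.sha256(f"{t},{u}".encode()).digest()


def derive(me, peer_Y, peer_R, initiator):
    """Steps 5-10 for one side; initiator=True is A, False is B."""
    if not (validate(peer_Y) and validate(peer_R)):
        raise ValueError("peer value failed the step 5/6 checks")
    if initiator:                     # step 7 (A)
        t = pow(peer_Y, me.r, P)
        u = pow(peer_R, me.x, P)
    else:                             # step 8 (B)
        t = pow(peer_R, me.x, P)
        u = pow(peer_Y, me.r, P)
    if (t + u) % P == 0:              # steps 9/10
        raise ValueError("t + u = 0 mod p")
    return thresh(t, u)


def run_exchange():
    """Steps 1-4 are the exchange of Y and R; returns (A's key, B's key)."""
    a, b = KeaParty(), KeaParty()
    return derive(a, b.Y, b.R, True), derive(b, a.Y, a.R, False)
```

A received value such as p-1, which has order 2 rather than q, fails the `validate` check and the exchange stops before any secret exponent is applied to it.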






More information about the cypherpunks-legacy mailing list