How Whitfield Diffie helped Bob and Alice cheat Eve



    Many experts believe that the Diffie concept is still the biggest step forward in the history of cryptography. In 1976, Whitfield Diffie and his co-author, Stanford Professor Martin Hellman, published the scientific paper New Directions in Cryptography. The study presented a key exchange algorithm, which is still widely used in cryptographic applications.

    The problem that Diffie and Hellman managed to solve can be illustrated by the example of Alice and Bob ( archetypes in cryptography). Imagine that Alice needs to send a paper letter to Bob, but she knows that the employee of the post office Eve is peeping in correspondence. To prevent this, Alice puts the letter in an iron box, closes it with a lock and sends it to Bob. But how will Bob open the drawer?



    Bob was helped by Diffie and Hellman, proposing his "exponential key exchange method." Having received a closed box from Alice, Bob will hang another lock on it and send it back, where Alice will remove her lock and send the box to Bob for the second time, which this time will have a key. This simple story changed all the axioms of cryptography that existed at that time and showed how two people can transmit a secret message without exchanging keys. In practice, everything turned out to be somewhat more complicated, since existing algorithms still require the removal of ciphers in the order in which they were applied. But the idea with the box prompted researchers to search for a solution that was found using one-way functions.

    The principle of the Diffie-Hellman algorithm for the example of paint cans can be found in the figure below orvideo Art of the Problem. Alice and Bob manage to agree on a secret color, which is the key to the cipher, so that Eva (a curious postal worker) could not get it.



    Today, an improved version of the Diffie-Hellman algorithm is used in many services, however, in recent years, to avoid MITM attacks, additional methods of one-way or two-way authentication are used.

    In addition to a lot of research in the field of information security, Whitfield Diffie is famous for his statements, in particular about the fundamental flaws of security and control systems that can easily turn into weapons aimed at their creators.

    In his articlein Scientific American magazine, Diffie wrote that police surveillance of the Internet, as opposed to better protection of the computers that inhabit it, can be a very unreliable and treacherous means. For there are no guarantees that government monitoring tools can be made much safer than the computers for which they are designed to protect. And if so, then there is a very serious risk that the controls may be compromised or used against those authorities that created and deployed them. Viruses raging on the Internet can capture not only the machines that are being monitored, but also computers involved in police surveillance.

    If the words didn’t help, the American cryptographer, who celebrated his 70th birthday last year, was always ready in practice to demonstrate personal dissatisfaction with the modern attitude towards privacy. In 2013, at PopTech, Diffie, like all conference participants, was given an electronic badge with wired information about the owner: everyone could instantly receive information about the rest. Considering this a violation of his rights, Whitfield hacked his badge and put the device into sleep mode, and then the badge began to “put to sleep” all the other nTag that were within reach.

    May 26, Whitfield Diffie will speak at the Positive Hack Days forum hosted by Positive Technologies. One of the founders of asymmetric encryption and advisor to the venture capital fund Almaz Capital Partners will hold a teleconference and during a speech will answer the most interesting questions of the forum participants. Send your questions to phd@ptsecurity.com or leave here in the comments.

    Also popular now: