Score:0

What E means in Diffie Hellman protocol?

eg flag

I was looking for an example of protocol to verify user's identity using Diffie Hellman which works like this:

  • client sends: $g^x$, ID-Number
  • server responds with: $g^y$, $E_H_{pwd} challenge$
  • client responds with: challenge

I understand that g^x, g^y are Diffie Hellman keys, plus it's given that H is a hash function and pwd is the user's password but what does E mean here?

enter image description here

schroeder avatar
cn flag
where did you get that screenshot from?
kelalaka avatar
in flag
You should tell us where did you get this. You might be right about encryption since it is common to write the key as sub index.
kelalaka avatar
in flag
Could you provide a link to the source of the image ( It is better to be a paper) by [edit]ing your question?
Score:1
my flag

$E_{H_{\text{pwd}}} (\text{challenge})$

This is a symmetric encryption of the challenge, using a hash of the password as the key.

That said, this protocol isn't that great if the password has weak entropy (which human entered passwords tend to have). If there is an eavesdropper, he will hear both the plainext $\text{challenge}$ and the corresponding ciphertext $E_{H_{\text{pwd}}} (\text{challenge})$; what he can do is go through his dictionary of passwords, and for each one, hash it, attempt to decrypt the ciphertext, and see if he gets the known plaintext.

Omer avatar
eg flag
How did you know that it's symmetric? it could be non-symmetric as well...
Manish Adhikari avatar
us flag
@Omer. In non symmetric settings $H({pwd})$ would be the public key whose private key is only known by the owner. Unless for Identity Based Encryption in which you define $H$ as the function that obtains someone''s public key from the identity and $pwd$ as the said identity, I cannot see how it can be non symmetric
Score:1
ru flag

$E$ is a keyed symmetric encryption function such as AES or CHACHA. The hash of the password is being used as the key of the encryption function and "challenge" is being used as the plaintext. The client can recover the challenge value because they know their password and can hash it to retrieve the symmetric key and decrypt. This would be hard for anybody that does not know (or cannot work out) the hash of the client's password.

Omer avatar
eg flag
How did you know that it's symmetric? it could be non-symmetric as well...
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.