Join Log in
Score:0
Algo avatar Crypto

What E means in Diffie Hellman protocol?

eg flag
Algo

I was looking for an example of protocol to verify user's identity using Diffie Hellman which works like this:

  • client sends: $g^x$, ID-Number
  • server responds with: $g^y$, $E_H_{pwd} challenge$
  • client responds with: challenge

I understand that g^x, g^y are Diffie Hellman keys, plus it's given that H is a hash function and pwd is the user's password but what does E mean here?

enter image description here

58
0 + 0
schroeder avatar
cn flag
schroeder
where did you get that screenshot from?
1
Reply
kelalaka avatar
in flag
kelalaka
You should tell us where did you get this. You might be right about encryption since it is common to write the key as sub index.
0
Reply
kelalaka avatar
in flag
kelalaka
Could you provide a link to the source of the image ( It is better to be a paper) by [edit]ing your question?
0
Reply
Score:1
poncho avatar Crypto
my flag
poncho

$E_{H_{\text{pwd}}} (\text{challenge})$

This is a symmetric encryption of the challenge, using a hash of the password as the key.

That said, this protocol isn't that great if the password has weak entropy (which human entered passwords tend to have). If there is an eavesdropper, he will hear both the plainext $\text{challenge}$ and the corresponding ciphertext $E_{H_{\text{pwd}}} (\text{challenge})$; what he can do is go through his dictionary of passwords, and for each one, hash it, attempt to decrypt the ciphertext, and see if he gets the known plaintext.

0 + 0
Omer avatar
eg flag
Omer
How did you know that it's symmetric? it could be non-symmetric as well...
0
Reply
Manish Adhikari avatar
us flag
Manish Adhikari
@Omer. In non symmetric settings $H({pwd})$ would be the public key whose private key is only known by the owner. Unless for Identity Based Encryption in which you define $H$ as the function that obtains someone''s public key from the identity and $pwd$ as the said identity, I cannot see how it can be non symmetric
0
Reply
Score:1
Daniel S avatar Crypto
ru flag
Daniel S

$E$ is a keyed symmetric encryption function such as AES or CHACHA. The hash of the password is being used as the key of the encryption function and "challenge" is being used as the plaintext. The client can recover the challenge value because they know their password and can hash it to retrieve the symmetric key and decrypt. This would be hard for anybody that does not know (or cannot work out) the hash of the client's password.

0 + 0
Omer avatar
eg flag
Omer
How did you know that it's symmetric? it could be non-symmetric as well...
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.