How can I perform a one-client MITM attack in a Diffie-Hellman key exchange?


Suppose we have intercepted a public key exchange (via the Diffie-Hellman protocol). In addition to the keys A and B, the generator g and the modulus p are known.

Assuming that it is possible to exchange keys with client B, once it has finished the conversation with A, how can I obtain the private exponent of B?

I had thought about the "Small subgroup confinement attack", but I'm not sure it's the best way.

Take this challenge (static client) as a reference: Link.
I'm trying to learn, maybe the answer will be trivial!

fgrieu
The question is asking about a (permanent) challenge, which is off-topic. Also it's ill-posed: it's about MitM, but the first two sentences are about passive eavesdropping, which opposes MitM. It's wanted to _"obtain the private exponent"_ of a party, which MitM or small subgroup confinement attack does not allow.
fgrieu
Hint: in this CTF, you won't "obtain the private exponent" of either Alice or Bob. You'll obtain the flag encrypted under an AES key derived from a shared secret that you can compute, because you know the private exponent that you used.
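
Added example, not part of the thread or of the challenge: a toy model of the point in the hint above, that a static client doing unauthenticated Diffie-Hellman ends up sharing a key with whichever peer completes an exchange with it, alongside the public-value check that rejects small subgroup confinement. The group (P, Q, G), the exponents and the SHA-256 truncation used as key derivation are all constructed assumptions.

```python
import hashlib

# Constructed toy group (far too small for real use): safe prime P = 2*Q + 1,
# G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

STATIC_B_PRIV = 789  # constructed: client B reuses this exponent in every session
B_PUB = pow(G, STATIC_B_PRIV, P)


def validate_public(y: int) -> bool:
    """Accept only elements of the order-Q subgroup. Rejecting 0, 1, P-1 and
    non-residues is what blocks small subgroup confinement."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def derive_key(peer_pub: int, own_priv: int) -> bytes:
    """Assumed KDF: first 16 bytes of SHA-256 over the shared secret."""
    if not validate_public(peer_pub):
        raise ValueError("peer public value outside the prime-order subgroup")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(2, "big")).digest()[:16]


def session_with_static_client(peer_priv: int):
    """One unauthenticated exchange with B; returns (B's key, peer's key)."""
    peer_pub = pow(G, peer_priv, P)
    return derive_key(peer_pub, STATIC_B_PRIV), derive_key(B_PUB, peer_priv)


if __name__ == "__main__":
    first = session_with_static_client(123)   # constructed exponent, first peer
    later = session_with_static_client(456)   # any later, unverified peer
    # Both sides of each session agree, and B cannot tell the peers apart:
    # nothing in the exchange ties a public value to an identity.
    print("first session keys match:", first[0] == first[1])
    print("later session keys match:", later[0] == later[1])
    print("sessions use different keys:", first[0] != later[0])
    print("P-1 accepted as public value:", validate_public(P - 1))
```

The subgroup check stops confinement but authenticates nobody; binding the derived key to an identity requires B to verify the peer's public value, for example through a signature over it.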