DH Finding A Public Key from Public key and shared secret

Wesley Jones

4/21/24, 11:31 AM

Is there a known feasible method for determining an unknown public key from a Diffie Helman shared secret and the other public/private key pair?

This would be rarely useful, but I am curious if the DH operation is 'invertible' given the derived secret and private/public key of one party.

So if the shared secret (which is known to the attacker) was directly used to encrypt data, and the local key pair is known to the attacker, but the receiver's public key is not, can the attacker determine the receiver's public key?

1 + 1

cryptanalysis

key-exchange

diffie-hellman

fgrieu

4/21/24, 12:09 PM

Note: "shared secret directly used to encrypt data" is likely to explain that shared secret is known, rather than needed. \[Edit: As pointed in [poncho's answer](https://crypto.stackexchange.com/a/106206/555), this can be done regardless of group by a passive attacker\].

Score:1

Crypto

poncho

4/21/24, 2:31 PM

Is there a known feasible method for determining an unknown public key from a Diffie Helman shared secret and the other public/private key pair?

If you have the full shared secret that the Diffie Hellman generates (it is usually sent through a KDF before we do anything with it; we need the full value), and if you have one side's private key, you can, in fact, recover the other side's public key.

How this works is fairly simple (and I'll assume a Finite Field DH operation here; it also works with an Elliptic Curve group): we usually do DH over a prime sized subgroup; I'll call the size of the subgroup $q$,

Now, the relation to get from peer's public key to the shared secret is:

$$SharedSecret = Pubkey ^ {PrivKey}$$

where $Pubkey$ is the peer's public key, $PrivKey$ is your private key, and $SharedSecret$ is the DH shared secret.

So, to invert this, you compute:

$$Pubkey = SharedSecret^{PrivKey^{-1} \bmod q}$$

where $PrivKey^{-1} \bmod q$ is the multiplicative inverse of your private key (modulo the size of the subgroup), and there you go.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: DH Finding A Public Key from Public key and shared secret

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.