AKE Protocols Based on Diffie-Hellman

Let’s learn about the authentication protocol that is based on Diffie-Hellman.

Although the basic Diffie-Hellman protocol we described doesn’t provide authentication, there are many different ways in which it can be adapted to do so.

We now describe one way of building authentication. The station-to-station (STS) protocol makes an additional assumption that Alice and Bob have each established a long-term signature/verification key pair and have had their verification keys certified. A simplified STS protocol proceeds as follows (where all calculations are modulo pp):

  1. Alice randomly generates a positive integer aa and calculates gag^a. Alice sends gag^a to Bob along with the certificate CertACertA for her verification key.

  2. Bob verifies CertACertA. If he is satisfied with the result, then Bob randomly generates a positive integer bb and calculates gbg^b. Next, Bob signs a message consisting of Alice’s name, gag^a and gbg^b. Bob then sends gbg^b to Alice along with the certificate CertBCertB for his verification key and the signed message.

  3. Alice verifies CertBCertB. If she is satisfied with the result, then she uses Bob’s verification key to verify the signed message. If she is satisfied with this too, she signs a message consisting of Bob’s name, gag^a, and gbg^b, which she then sends back to Bob. Finally, Alice uses gbg^b and her private key aa to compute (gb)a(g^b)^a.

  4. Bob uses Alice’s verification key to verify the signed message he has just received. If he is satisfied with the result, then Bob uses gag^a and his private key bb to compute (ga)b(g^a) ^b.

This protocol is shown in the illustration below:

Get hands-on with 1400+ tech skills courses.