Bob has a secret and Alice has the same secret. Why can’t they create a shared encryption key based on their secrets? Well, they can do this with Password Authentication Key Exchange (PAKE). So, let’s look at a simple method using discrete logs, and then we will convert it to elliptic curve methods. While discrete logs have been used in the past for Diffie-Hellman key exchange methods, we are increasing moving towards elliptic curve implementations.

## SPEKE (Simple Password Exponential Key Exchange) — Discrete Logs

SPEKE (Simple Password Exponential Key Exchange) supports password-authenticated key agreement. Bob and Alice share a secret password (*π*) and a shared prime number (*p*). This password then hashed and used to determine a generator (*g*):

*g*=*H*(*π*)² (mod *p*)

The square function of the hash makes sure that *g *is a generator for the prime number *p*. After this, we can use a standard Diffie-Hellman type exchange. For this, Alice generates a random number *a* and Bob generates a random number *b*. Alice then sends:

*A*=*g^a *(mod *p*)

and Bob sends:

*B*=*g^b *(mod *p*)

Alice computes the shared key as:

*K*1=*B^a*(mod *p*)

and Bob computes the shared key as:

*K*2=*A^b *(mod *p*)

The resulting key is:

*K*=*B^a*(mod*p*)=(*g^b*(mod *p*))^*a *(mod *p*)=*g^{ab*}(mod *p*)

The code is [here]:

import sys

import hashlib

import randomfrom Crypto.Util.number import getPrime

from Crypto.Random import get_random_bytesprimebits=64

pi = "HellHe"if (len(sys.argv)>1):

primebits=int(sys.argv[1])

if (len(sys.argv)>2):

pi=(sys.argv[2])

p = getPrime(primebits, randfunc=get_random_bytes)

g=pow(int(hashlib.sha1(pi.encode()).hexdigest(), 16),2,p)a = random.randint(0, p-1)

b = random.randint(0, p-1)Alice_to_send = pow(g,a,p)

Bob_to_send = pow(g,b,p)AliceK= pow(Bob_to_send,a,p)

BobK= pow(Alice_to_send,b,p)print ("Password: ",pi)

print ("g: ",g)…