Bob has a secret and Alice has the same secret. Why can’t they create a shared encryption key based on their secrets? Well, they can do this with Password Authenticated Key Exchange (PAKE). So, let’s look at a simple method using discrete logs, and then we will convert it to elliptic curve methods. While discrete logs have been used in the past for Diffie-Hellman key exchange methods, we are increasingly moving towards elliptic curve implementations.
SPEKE (Simple Password Exponential Key Exchange) — Discrete Logs
SPEKE (Simple Password Exponential Key Exchange) supports password-authenticated key agreement. Bob and Alice share a secret password (π) and a shared prime number (p). This password is then hashed and used to determine a generator (g):
g=H(π)² (mod p)
The square function of the hash makes sure that g is a generator for the prime number p. After this, we can use a standard Diffie-Hellman type exchange. For this, Alice generates a random number a and Bob generates a random number b. Alice then sends:
A=g^a (mod p)
and Bob sends:
B=g^b (mod p)
Alice computes the shared key as:
K1=B^a (mod p)
and Bob computes the shared key as:
K2=A^b (mod p)
The resulting key is:
K=B^a (mod p)=(g^b (mod p))^a (mod p)=g^{ab} (mod p)
The code is:
import sys
import hashlib
import random
from Crypto.Util.number import getPrime
from Crypto.Random import get_random_bytes

primebits=64
pi = "HellHe"
# Optional arguments: prime size in bits, then the shared password
if (len(sys.argv)>1):
    primebits=int(sys.argv[1])
if (len(sys.argv)>2):
    pi=(sys.argv[2])

# Shared prime p, and generator g = H(pi)^2 (mod p)
p = getPrime(primebits, randfunc=get_random_bytes)
g=pow(int(hashlib.sha1(pi.encode()).hexdigest(), 16),2,p)

# Secret values for Alice and Bob (random is not a cryptographic RNG; demo only)
a = random.randint(0, p-1)
b = random.randint(0, p-1)

# Values sent by each side, then the key each side derives
Alice_to_send = pow(g,a,p)
Bob_to_send = pow(g,b,p)
AliceK= pow(Bob_to_send,a,p)
BobK= pow(Alice_to_send,b,p)

print ("Password: ",pi)
print ("g: ",g)
…
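Squaring the hash puts g in the subgroup of order (p-1)/2, and that order is prime only when p is a safe prime (p = 2q + 1 with q prime), which getPrime does not guarantee. The following is an added example, not the author's code: it runs the same exchange over a safe prime and range-checks the received value, since 0, 1 and p-1 would force the key into a trivial subgroup. Assumptions: SHA-256 in place of SHA-1, a toy 64-bit safe prime found by search, and illustrative function names.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these fixed bases give a deterministic answer for n < 2**64."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """First p = 2q + 1 with p and q both prime, searching upward from 2**(bits-1)."""
    q = (1 << (bits - 2)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = safe_prime(64)  # toy size so the search is instant; far too small for real use

def generator(password, p):
    """g = H(pi)^2 mod p: a quadratic residue, so its order is q = (p-1)/2."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h, 2, p)

def keypair(password, p):
    """Return (secret exponent in 1..q-1, value to send to the peer)."""
    x = 1 + secrets.randbelow((p - 1) // 2 - 1)
    return x, pow(generator(password, p), x, p)

def shared_key(priv, peer_pub, p):
    """Range-check the peer's value, then hash the Diffie-Hellman result into a key."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer value outside 2..p-2")
    return hashlib.sha256(str(pow(peer_pub, priv, p)).encode()).hexdigest()
```

With matching passwords both sides derive the same key; with different passwords the generators differ and so do the keys.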