
Replacing RSA encryption with modified Diffie Hellman Key Exchange symmetric key



Disclaimer:
This topic assumes that the reader has a basic understanding of RSA, Diffie Hellman KX and symmetric encryption.

The majority of the time, RSA is used for public key digital signatures rather than for encryption.

Drawbacks of RSA if it's used for actual encryption/decryption of data
1. Encrypting data with RSA is considered quick; however, decrypting data that was encrypted with RSA is quite slow. For details, refer to this link (https://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml).

2. If anyone wants to use RSA for actual encryption/decryption, they will need to deal with an extra problem.. what exactly is it ..? Let's assume that the data is 8192 bits long. A symmetric encryption algorithm like AES takes only 128 bits of data as input and outputs it as cipher text or encrypted text; AES splits the data into chunks and encrypts/decrypts them automatically under its algorithm. However, in RSA the process of splitting the data into chunks is not automatic (the RSA input length is determined by its key size; for example, if you use 2048-bit RSA, you can only encrypt/decrypt data that has a maximum length of 2048 bits), so developers need to implement their own logic to separate the data into chunks and then perform encryption/decryption.

3. RSA keys are designed to last for a certain duration, like 1-2 years, which seems good. However, RSA can't support a certain cryptographic characteristic, which is forward secrecy. Forward secrecy refers to user A and the server having an encrypted channel that was created through DFKX; instead of user A and the server communicating through the same master symmetric key all the time, they use keys derived from the master symmetric key (Key Derivation Function/KDF).

In the actual modern world, forward secrecy is used rather than communicating through a single master key all the time; refer to the "What's forward secrecy" image at this link (https://www.coengoedegebure.com/surviving-an-infosec-job-interview-cryptography/).

There's a difference between perfect forward secrecy and forward secrecy.. unless people here are interested, I won't be explaining the difference between forward secrecy and perfect forward secrecy (which only exists in end-to-end encryption).

Why is Diffie Hellman KX better than RSA at performing encryption/decryption?
Diffie Hellman enables 2 parties to create the same symmetric key without revealing any secrets in public. A symmetric key, or symmetric encryption, does not have the drawbacks described for RSA.

The problem with using a Diffie Hellman KX symmetric key to perform encryption/decryption
DFKX is designed to enable 2 parties to communicate securely and privately by creating the same symmetric key without revealing any secrets in public. However, if user A wants the server to not be able to read the message.. it seems that this is not ideal.. How do we solve it..?

Replacing RSA with DFKX
To replace RSA with DFKX.. something needs to be changed..

In normal DFKX, this is done:
1. User generates a DFKX keypair (public and private)
2. Server generates a DFKX keypair (public and private)
3. User and server each share their own DFKX keypair's public key
4. Each creates the same symmetric key by taking the other's public key and combining it with their own keypair's private key

To achieve RSA style encryption (server can't decrypt but can encrypt), this needs to be done:
[Block Cipher]
1. User generates a DFKX keypair (public and private)
2. User stores their DFKX keypair's private key secretly and securely
3. User sends their DFKX keypair's public key to the server
4. Server generates a one-time DFKX keypair
5. Server creates the symmetric key by taking the user's public key and combining it with its own keypair's private key
6. Server encrypts the data that the user sends by using the created symmetric key
7. Server removes the symmetric key and its own keypair's private key
8. Server concatenates its keypair's public key to the encrypted message
9. Server stores the encrypted message or sends it back to the user.

[Stream Cipher]
1. User generates a DFKX keypair (public and private)
2. User stores their DFKX keypair's private key secretly and securely
3. User sends their DFKX keypair's public key to the server
4. Server generates a one-time DFKX keypair
5. Server creates the symmetric key by taking the user's public key and combining it with its own keypair's private key
6. Server creates a nonce ("number used once") by performing hashing/KDF (Nonce = Hash/KDF[Server public key + User public key])
7. Server encrypts the data that the user sends by using the created symmetric key and the created nonce
8. Server removes the symmetric key and its own keypair's private key
9. Server concatenates its keypair's public key to the encrypted message
10. Server stores the encrypted message or sends it back to the user.

Modified DFKX is great when both confidentiality and speed are the main concerns. However, if you want extra confidentiality.., just encrypt the message before sending it to the server for processing.. 😂😝

(If people wanna know more, feel free to comment below; if I know the answer to your questions I will reply :P)
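
The [Stream Cipher] steps from the post above, as an added example that is not part of the original post: the server seals a message to the user's public key with a one-time keypair, and only the holder of the user's private key can open it. Assumptions not in the post: X25519 (RFC 7748) is used as the Diffie-Hellman function, a SHAKE-256 keystream stands in for a real stream cipher, an HMAC tag is added so tampering is detected, and the names `derive`, `seal` and `unseal` are hypothetical.

```python
import hashlib, hmac, os

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (illustrative only: not constant-time)."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive(shared: bytes, eph_pub: bytes, user_pub: bytes):
    # Step 6: nonce = Hash(server public key + user public key)
    nonce = hashlib.sha256(eph_pub + user_pub).digest()[:16]
    okm = hashlib.sha512(shared + nonce).digest()  # simple KDF stand-in (assumption)
    return okm[:32], okm[32:], nonce

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream stands in for a real stream cipher (assumption)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(user_pub: bytes, msg: bytes) -> bytes:
    eph_priv = os.urandom(32)                   # step 4: one-time keypair
    eph_pub = x25519(eph_priv, BASE)
    enc, mac, nonce = derive(x25519(eph_priv, user_pub), eph_pub, user_pub)
    ct = keystream_xor(enc, nonce, msg)         # step 7
    tag = hmac.new(mac, eph_pub + ct, hashlib.sha256).digest()  # added integrity tag
    return eph_pub + ct + tag   # steps 8-9: keys are not kept, public key attached

def unseal(user_priv: bytes, blob: bytes) -> bytes:
    eph_pub, ct, tag = blob[:32], blob[32:-32], blob[-32:]
    user_pub = x25519(user_priv, BASE)
    enc, mac, nonce = derive(x25519(user_priv, eph_pub), eph_pub, user_pub)
    if not hmac.compare_digest(tag, hmac.new(mac, eph_pub + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext or ephemeral key was modified")
    return keystream_xor(enc, nonce, ct)
```

Because the nonce is computed from the two public keys, it is only unique while the server really does generate a fresh keypair for every message; production code would use a maintained implementation of this construction, such as libsodium's sealed boxes.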
