Cryptography Reference
In-Depth Information
key 160 bits long: Alice has the number xA , Bob has the number xB . As before,
Alice sends YA
g xB mod p to Alice.
However, xA and xB are fixed, similarly to the SKIP example. Either one of
them creates 160-bit random numbers, rA and rB , especially for that session
and sends RA = g rA
g xA mod p to Bob, and Bob sends YB
=
=
mod p and RB = g rB
mod p , respectively, to the other
party. Next, Alice computes
tAB = (YB) rA modp=g xB rA
mod p and
uAB = (RB) xA modp=g rB xA
mod p.
( YA ) rB mod p ,
i.e., the same numbers: tAB = tBA , uAB = uBA . Next, both parties create
( RA ) xB
Analogously, Bob computes tBA =
mod p and uBA =
w = (tAB + uAB) mod p
where w is the joint secret. It is created by the fact that each party links its
random secret key, xA ( xB ), with the fixed public key, YB ( YA ), of the other
party, and links its fixed secret key with the random public key of the other
party.
The two parties can now take the same bits from w to get their session key.
The NSA obviously found this to be too risky. Using Skipjack, it derives the
session key by a relatively complicated method:
First of all, the 80 most significant bits are taken from the 1024 bits of
w ; they form the number v 1; the next 80 bits form v 2.
v 1 is XORed with a fixed 80-bit number, pad ( pad has the value 0x72f1a
87e92824198ab0b). The result, kv , serves as key for Skipjack.
Skipjack and key kv are used to cipher the most significant 64 bits of v 2
twice, producing the 64 most significant bits of the session key.
The 16 least significant bits of the session key are equal to the 16 least
significant bits of v 2, XORed with the 16 most significant bits of the
result produced by the first Skipjack cipher.
Figure 6.1 shows a schematic view of this procedure.
Search WWH ::




Custom Search