Cryptography Reference
In-Depth Information
key 160 bits long: Alice has the number $x_A$, Bob has the number $x_B$. As before, Alice sends $Y_A = g^{x_A} \bmod p$ to Bob, and Bob sends $Y_B = g^{x_B} \bmod p$ to Alice. However, $x_A$ and $x_B$ are fixed, similarly to the SKIP example. Each of them creates a 160-bit random number, $r_A$ and $r_B$, specifically for that session and sends $R_A = g^{r_A} \bmod p$ and $R_B = g^{r_B} \bmod p$, respectively, to the other party. Next, Alice computes

$t_{AB} = (Y_B)^{r_A} \bmod p = g^{x_B r_A} \bmod p$ and $u_{AB} = (R_B)^{x_A} \bmod p = g^{r_B x_A} \bmod p$.

Analogously, Bob computes $t_{BA} = (R_A)^{x_B} \bmod p$ and $u_{BA} = (Y_A)^{r_B} \bmod p$, i.e., the same numbers: $t_{AB} = t_{BA}$, $u_{AB} = u_{BA}$. Next, both parties create

$w = (t_{AB} + u_{AB}) \bmod p$

where $w$ is the joint secret. It is created by the fact that each party links its random secret key, $x_A$ ($x_B$), with the fixed public key, $Y_B$ ($Y_A$), of the other party, and links its fixed secret key with the random public key of the other party.

The two parties can now take the same bits from $w$ to get their session key.
The NSA obviously found this to be too risky. Using Skipjack, it derives the session key by a relatively complicated method:

• First of all, the 80 most significant bits are taken from the 1024 bits of $w$; they form the number $v_1$; the next 80 bits form $v_2$.
• $v_1$ is XORed with a fixed 80-bit number, pad (pad has the value 0x72f1a87e92824198ab0b). The result, $kv$, serves as key for Skipjack.
• Skipjack and key $kv$ are used to cipher the most significant 64 bits of $v_2$ twice, producing the 64 most significant bits of the session key.
• The 16 least significant bits of the session key are equal to the 16 least significant bits of $v_2$, XORed with the 16 most significant bits of the result produced by the first Skipjack cipher.

Figure 6.1 shows a schematic view of this procedure.
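The exchange and the first two derivation steps described above, as an added Python example that is not code from the original text: both parties compute w from their fixed and session keys, then w is split into v1 and v2 and kv is formed with the pad. Assumptions: the group (the 1024-bit RFC 2409 Oakley Group 2 prime with g = 2) is a stand-in because the page gives no parameters, all function names are hypothetical, and the two Skipjack encryption steps are not implemented.

```python
import secrets

# Assumption: stand-in 1024-bit group (RFC 2409 Oakley Group 2 prime, g = 2);
# the page does not give the p and g actually used.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
PAD = 0x72F1A87E92824198AB0B  # fixed 80-bit pad quoted in the text


def keypair():
    """Return (secret, public): a 160-bit secret s and g^s mod p."""
    secret = secrets.randbits(160) | (1 << 159)  # force a full 160 bits
    return secret, pow(G, secret, P)


def joint_secret(x_own, r_own, y_peer, r_peer_pub):
    """w = (t + u) mod p; the two terms swap roles between the parties."""
    t = pow(y_peer, r_own, P)      # peer's fixed public key ^ own session secret
    u = pow(r_peer_pub, x_own, P)  # peer's session public key ^ own fixed secret
    return (t + u) % P


def skipjack_inputs(w):
    """Split the 1024-bit w into v1 and v2 and return (kv, v1, v2)."""
    v1 = w >> (1024 - 80)                       # 80 most significant bits
    v2 = (w >> (1024 - 160)) & ((1 << 80) - 1)  # the next 80 bits
    return v1 ^ PAD, v1, v2                     # kv = v1 XOR pad


def run_exchange():
    """Constructed sample run: fresh keys for both sides, returns both w values."""
    x_a, y_a = keypair()        # Alice's fixed pair (xA, YA)
    x_b, y_b = keypair()        # Bob's fixed pair (xB, YB)
    r_a, big_r_a = keypair()    # Alice's session pair (rA, RA)
    r_b, big_r_b = keypair()    # Bob's session pair (rB, RB)
    w_alice = joint_secret(x_a, r_a, y_b, big_r_b)
    w_bob = joint_secret(x_b, r_b, y_a, big_r_a)
    return w_alice, w_bob


if __name__ == "__main__":
    w_a, w_b = run_exchange()
    print("w matches:", w_a == w_b, "kv = %020x" % skipjack_inputs(w_a)[0])
```
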