Home » What’s the purpose of DH Parameters?

What’s the purpose of DH Parameters?


What exactly is the purpose of these DH Parameters?

These parameters define how OpenSSL performs the Diffie-Hellman (DH) key-exchange. As you stated correctly they include a field prime p and a generator g. The purpose of the availability to customize these parameter is to allow everyone to use his / her own parameters for this. This can be used to prevent being affected from the Logjam attack (which doesn’t really apply to 4096 bit field primes).
So what do they define?
A Diffie-Hellman key exchange operates as follows (for TLS 1.2 and before1):

The server Bob uses these parameters to calculate B=g^b mod p. He sends (B,g,p) to the client Alice who computes A=g^a mod p on her own along with K=B^a mod p. She sends A to Bob and he computes K=A^b mod p. As A^b=g^(a*b)=g^(b*a)=B^a mod p holds both parties will agree on a shared key. The parameters p and g define the security of this key-exchange. A larger p will make finding the shared secret K a lot harder, defending against passive attackers.

And why do you have to pre-compute them?
Finding the prime p means finding a value for p for which p=2q+1 holds, with q being a prime. p is then called a safe prime.
Finding such primes is really computational intense and can’t be afforded on each connection, so they’re pre-computed.

Can they be public?

Yes, it’s no risk publishing them. In fact they’re sent out for every key-exchange that involves some Diffie-Hellman (DH) key exchange. There are even a few such parameters standardized for example in RFC 5114. The only possible problems with publishing may be that a powerful attacker may be interested in performing some computations on them, enabling him to perform the Logjam attack. However as your parameters use a 4096 bit field prime p this isn’t a risk.
To explain why publishing them isn’t a risk you may want to take a look at the above key-exchange description and note that the parameters are only used as a base for the computations but all the secrets (a,b) are completely independent of g,p.

1: For TLS 1.3, the client first guesses the parameters of the servers from a standardized set. Then it As for all of these parameters to the server who then either responds with a B of his own along with the choice of parameter set or responds with a list of parameters actually supported – which may include the custom generated ones this Q&A is all about.

From the openssl wiki page for the Diffie Hellman Key Exchange:

If Alice and Bob wish to communicate with each other, they first agree between them a large prime number p, and a generator (or base) g (where 0 < g < p).

Alice chooses a secret integer a (her private key) and then calculates g^a mod p (which is her public key). Bob chooses his private key b, and calculates his public key in the same way.

So Alice will always have the same private key, but for each set of DH parameters g and p, she will get a different corresponding public key.

Further down that page it says:

Since parameter generation can be an expensive process this is normally done once in advance and then the same set of parameters are used over many key exchanges.

And on the openssl wiki page for Diffie Hellman Parameters it says:

To use perfect forward secrecy cipher suites, you must set up Diffie-Hellman parameters (on the server side)

When static Diffie Hellman (DH) is used (as opposed to Ephemeral Diffie Hellman (EDH)) the DH parameters are set for the server and can actually be embedded in a certificate, so they are public see this answer. The secrecy comes from Alice and Bob’s private keys.

The purpose of the DH parameters is to exchange a secret(a large prime integer belonging to a prime order group) that will be used to encrypt a transcript of messages within a session.

Ephemeral DH offers forward security, meaning that the session key(exchanged at the beginning of the session) is deleted upon session termination. Thus an attacker could not retrieve the messages exchanged between two parties for more than the last session(as each session has a different secret key which is always deleted upon termination).

Related Solutions

how do i get particular key value from string in swift4

It's JSON array of dictionary you can get all the value of particular key by use map with array like below. let arrayValues = mainArray.map{$0["District_NameEng"] as! String} print (arrayValues) Below is the sample code to parse your json string // I've escaped...

Popup text box in HTML with javascript

Does this meet your requirements? function showPopup() { document.getElementById('2').style.display = "block"; } function syncValueWith2() { document.getElementById('2').value = document.getElementById('1').value; } function syncValueWith1() {...

C++ Fizz Buzz alternative version [closed]

You should be able to do this equally well with either for-loop or while-loop. However, that is not why your program is failing. As mentioned earlier by @EvilTeach, your program is basically accepting input from stdin(via cin) outside the braces({}) in main()...

Output is different than I expected [closed]

shopping_cart = ['apples', 'oranges', 'banana', 'kiwi', 'avocado', 'peaches'] s_list = list(shopping_cart) # shopping_cart is already list so you can ignore it. if 'mango' in s_list: print('Done') else: print('Not Done') i Think this is what you're trying to...

How does one make jsdoc actually output docs?

I have fixed it by not using export infront of classes, instead exporting them at the end of the file. like this: import { Errors } from "../errors.js"; import { Models } from "./models.js"; /** * Several paragraphs of text that explain this class * * @class *...

How can I run a jsp program? [closed]

You need to have a JSP capable web-server or application server. Check Apache Tomcat project. And follow the documentation that phoenix provided. Check this link. It gives more info http://www.jsptut.com/Getfamiliar.jsp The first result of a google search....

Why doesn’t the “extern” keyword work in the same file?

extern int x; tells the compiler: "I will provide you a int x in some other compilation unit". Please expect to find it at link time. So, you need another file: example8b.cpp int x = 0; int y = 0; int z = 0; and you need to link both files in your project. But...

Pygame event handling key events

this answer is partly copied from programarcadegames.com, if you want to make a game with pygame, you should have a look at the courses. [assuming you already have a main loop, if not, start the course mentioned above from scratch:] outside the main loop, set...

C# Creating a Grading Program

You are looking for else if construction: //TODO: out the right thresholds static string GradeMe(int average) { if (average >= 90) // 90+ return "Grade A"; else if (average >= 80) // [80..90) return "Grade B"; else if (average >= 70) // [70..80) return...

How to know the do while loop in C programming [closed]

Well: Hope the following helps you. Unlike for and while loops, which test the loop condition at the top of the loop, the do...while loop in C programming language checks its condition at the bottom of the loop A do...while loop is similar to a while loop,...

What is ambient occlusion?

Ambient occlusion is a method to approximate how bright light should be shining on any specific part of a surface, based on the light and it's environment. This is used to add realism. Wikipedia has a nice paragraph that explains what is done. Ambient occlusion...

Can Anyone tell me how can i solve this Exception [closed]

Arrays are zero-indexed. Let's assume for the sake of argument that k is of length 10. What would happen here?: int x; char ch[]= k.toCharArray(); //Convert String into character char p[]=k.toCharArray(); //Convert String into character x=k.length(); ch is now...