WEBVTT

00:00.620 --> 00:07.430
Asymmetric encryptions are incredibly powerful tools. Things like RSA are just absolutely amazing

00:07.430 --> 00:08.740
in terms of their power.

00:08.870 --> 00:16.050
However, asymmetric encryption generally requires a lot of overhead. With RSA,

00:16.160 --> 00:22.400
we have all kinds of other tools to provide authentication, and we cover this in other episodes.

00:22.400 --> 00:27.650
What it boils down to is that there's a lot of situations where you don't need a lot of authentication

00:27.650 --> 00:34.100
or anything like that you just want to exchange a session key so you can kick a symmetric encryption

00:34.190 --> 00:35.230
into gear.

00:35.570 --> 00:43.670
And that's where something called Diffie Hellman comes into play. Diffie Hellman is an asymmetric algorithm.

00:43.670 --> 00:45.880
That's the first thing you need to understand.

00:46.310 --> 00:52.070
But the only thing Diffie Hellman does is it doesn't really provide encryption per se it only provides

00:52.070 --> 00:57.260
a methodology for two parties to come up with the same session key.

00:57.260 --> 00:58.920
It's absolutely fascinating.

00:59.000 --> 01:03.890
Diffie Hellman is an incredibly powerful tool but you got to be careful.

01:03.890 --> 01:11.480
It does use an asymmetric methodology but it doesn't have a classic public private pre-generated key

01:11.480 --> 01:13.430
that you'd see with like RSA.

01:13.490 --> 01:19.640
This is all kind of done on the fly using some fascinating integer mathematics. In fact, the mathematics

01:19.640 --> 01:22.990
is so fascinating that it actually started to put me to sleep.

01:23.030 --> 01:29.990
And unless you're really into discrete logarithms and modulo arithmetic you may not want to go through

01:29.990 --> 01:30.650
all the details.

01:30.650 --> 01:36.770
The beautiful part is is that when it comes to Diffie Hellman there's a wonderful analogy using your

01:36.770 --> 01:44.620
Edhi color. Alice and Bob want to send encrypted data to each other using some form of symmetric encryption.

01:44.740 --> 01:47.350
So to do this they need the same key.

01:47.350 --> 01:53.130
But the problem here is that we have Eve, a potential third party listening in, and we don't want Eve

01:53.230 --> 01:56.680
to be able to determine what our symmetric key is going to be.

01:56.860 --> 02:02.980
So somehow we've got to come up with a magic way that both Bob and Alice can have the same symmetric

02:02.980 --> 02:08.940
key without that key actually ever being moved across the wire so that Eve could see it.

02:09.130 --> 02:16.840
Now to do this we're going to use Diffie Hellman. Diffie Hellman is a key agreement protocol. Sometimes

02:16.840 --> 02:23.770
it's called a key exchange protocol, and the whole goal of Diffie Hellman is to take advantage of what

02:23.770 --> 02:25.240
we called modular arithmetic.

02:25.250 --> 02:28.520
So here's an example of modulo arithmetic.

02:28.750 --> 02:34.960
This particular formula it's really really hard to figure out what three you'll see three to this question

02:34.960 --> 02:36.010
mark power there.

02:36.190 --> 02:42.010
Given this type of value it's very hard to figure out what we call the discrete logarithm of this particular

02:42.010 --> 02:43.570
type of equation now.

02:43.870 --> 02:50.620
So without going into any more detail than that well it makes it a lot more sense if instead of using

02:50.680 --> 03:01.480
numbers like this let's pretend that we want both Alice and Bob to have a unique color.

03:01.690 --> 03:10.730
So to do this we actually do use asymmetric encryption here, in that first of all either Bob or Alice

03:10.750 --> 03:13.350
define a particular public key.

03:13.360 --> 03:15.590
Now this public key is a big long number.

03:15.670 --> 03:18.850
But in this case let's just make it the color yellow because it's a little bit easier.

03:18.850 --> 03:21.260
This is a unique color.

03:21.250 --> 03:29.410
Now what we're going to do here is just as if we mix two different colors together to get a unique color

03:30.220 --> 03:33.230
it is very easy to mix these two colors together.

03:33.400 --> 03:40.180
But it's extremely difficult to get the exact two original colors out of that just by mixing them.

03:40.240 --> 03:42.790
It's there's a million different potential colors.

03:42.850 --> 03:44.510
So with that in mind,

03:44.560 --> 03:46.810
let's go through a Diffie Hellman exchange.

03:46.930 --> 03:47.470
OK.

03:47.510 --> 03:53.100
So right now Alice and Bob each have a public key and we're going to call this public key.

03:53.140 --> 03:55.710
That will be the color yellow in this particular case.

03:55.720 --> 03:58.290
Now Eve could see this public key too, and you know what?

03:58.330 --> 03:59.860
We don't care.

03:59.860 --> 04:02.760
Now both Alice and Bob, on their own,

04:02.860 --> 04:06.600
generate a random private value. In this case,

04:06.640 --> 04:10.680
we're going to say Alice is the color red and Bob is the color blue.

04:11.110 --> 04:15.140
So what they're going to do is using this groovy mathematics.

04:15.250 --> 04:20.420
In essence they're going to mix these colors together creating this third color.

04:20.420 --> 04:25.420
Now Eve could see these colors but it's not going to do her any good because she doesn't know the private

04:25.420 --> 04:27.520
color by which they derive that value.

04:27.520 --> 04:34.190
So she she can't do anything with that so they go ahead and Alice and Bob exchange this mix.

04:34.350 --> 04:36.010
And now here's the cool part.

04:36.060 --> 04:41.960
Alice and Bob then add their own private colors to this mix.

04:42.770 --> 04:46.820
And it creates the exact same value.

04:47.000 --> 04:53.930
So this funny looking kind of brownish color is actually a unique number and this is the number that

04:53.930 --> 04:58.600
we can go ahead and do symmetric encryption with, and Eve

04:58.640 --> 05:04.060
will never know what that number is. Diffie Hellman's been around for a long time.

05:04.090 --> 05:10.780
And one of the challenges we run into with Diffie Hellman is that because it uses big integers as the

05:10.780 --> 05:17.380
initial seed to generate the key exchange some of these have shown themselves to be potentially crackable.

05:17.560 --> 05:24.610
So what we do over the years is that the Diffie Hellman people generate what we call Diffie Hellman groups.

05:24.820 --> 05:28.750
So here's an example of some of these Diffie Hellman groups and you'll see that they have a numerical

05:28.750 --> 05:30.630
value associated with them.

05:30.640 --> 05:36.940
These numbers are simply used by the Alices and Bobs who want to do Diffie Hellman to negotiate how big

05:36.940 --> 05:38.770
of a number that they might want to use.

05:38.770 --> 05:42.630
Now if you look at the bottom of this list you'll see it says elliptical curve.

05:42.640 --> 05:44.290
Let me explain what that is.

05:45.700 --> 05:52.660
Diffie Hellman because it uses large integers is subject potentially to cracking.

05:52.660 --> 06:00.040
So just as we've seen with other types of asymmetric encryption the idea of using elliptic curve has

06:00.040 --> 06:01.820
become very very popular.

06:01.870 --> 06:09.040
So there are now ways to use elliptic curve Diffie Hellman in order to do the key exchange.

06:09.040 --> 06:11.780
The nice part for us is we don't have to worry about that.

06:11.890 --> 06:17.680
We just generate applications where the Alices and Bobs that are doing Diffie Hellman can negotiate

06:17.710 --> 06:21.550
and they can ask for whatever group they want including elliptic curve

06:31.000 --> 06:35.130
and.
