Key Exchange
Finite Field Cryptography Diffie-Hellman Primitive
For each client, on sign-up for a computation, we generate a large prime number and a primitive root of it. The prime is drawn from a pool of 83-87 digit (base 10) primes that have been verified a priori to be prime. This number pair, the prime and its primitive root, is unique to the client and serves as the domain parameters of the Diffie-Hellman key exchange protocol. The protocol is explained here.
This prime number p and the primitive root r are used by the client, together with a locally generated random number of 128, 192 or 256 bits, to compute its public key, which is exchanged via a secured email system. These public keys are then used to derive the respective encryption and decryption keys at the client end and at our end. As in the DH algorithm, the keys themselves are never exchanged, neither in public nor in private.
Another random number, usually 96 bits long, is generated by the client and encrypted with AES-128, AES-192 or AES-256 under the key generated above at the client end; the encrypted number is sent to us. This number serves as the IV for encrypting the model, as required by Galois/Counter Mode (GCM).
The locally generated key, the IV, the prime and the primitive root are accorded the secrecy and confidentiality required for the interchange. Note that the generated key is used only twice: once to encrypt the IV that will be used to encrypt the model specifications file, and a second time to encrypt the model specifications file itself. The client then discards the key. Since the key is never used again, the model itself is safe from attack.
The data is encrypted with GCM using the key and IV values specified within the model specifications file.
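The following is an added worked example of the finite-field Diffie-Hellman step described above; it is not the original page's code. It generates a small safe prime and primitive root on the fly so the demo runs in milliseconds (the scheme above draws 83-87 digit primes from a pre-verified pool instead), validates each side's public value, derives the AES key, and draws the 96-bit GCM IV. The key derivation (SHA-256 of the shared secret, truncated to the AES key size) is an assumption, since the page does not specify one.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    # Miller-Rabin primality test; enough for generating demo parameters.
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_group(bits):
    """Safe prime p = 2q+1 and a primitive root r: for a safe prime,
    r is a primitive root iff r^2 != 1 and r^q != 1 (mod p)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    r = next(r for r in range(2, p) if pow(r, 2, p) != 1 and pow(r, q, p) != 1)
    return p, r

def valid_public_value(y, p):
    return 2 <= y <= p - 2     # 0, 1 and p-1 would force a trivial shared secret

def derive_key(shared, p, key_bits):
    # Assumed KDF (the page does not say): SHA-256 of the fixed-width secret, truncated
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()[:key_bits // 8]

def run_exchange(p, r, exp_bits=128, key_bits=256):
    # Both ends derive the same AES key; the client also draws the 96-bit GCM IV.
    xc = secrets.randbits(exp_bits) | 1            # client private exponent
    xs = secrets.randbits(exp_bits) | 1            # our private exponent
    yc, ys = pow(r, xc, p), pow(r, xs, p)          # public values exchanged by email
    if not (valid_public_value(yc, p) and valid_public_value(ys, p)):
        raise ValueError("public value outside [2, p-2]")
    client_key = derive_key(pow(ys, xc, p), p, key_bits)
    our_key = derive_key(pow(yc, xs, p), p, key_bits)
    iv = secrets.token_bytes(12)                   # 96-bit GCM IV, sent encrypted under the key
    return client_key, our_key, iv
```

The actual AES-GCM encryption of the IV and of the model specifications file is outside Python's standard library and is not shown here.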
We are in the process of having our implementation of Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH; see NIST SP 800-56A Rev. 3) certified by NIST and, upon receipt of certification, will offer it to clients as an option.