Diffie-Hellman Key Exchange

Posted on 2014-10-02 by jcs

Sarah Laskow has a nice article in The Atlantic about the Diffie-Hellman key exchange. That’s an unlikely topic for the Atlantic, of course, but the article is more about Diffie and Hellman and how they changed everything with their protocol. My only complaint is that it doesn’t mention Ralph Merkle who was, and is recognized as, a co-inventor of the method.

For those who don’t know about it or are hazy on the details, the Diffie-Hellman key exchange method solves a seemingly impossible problem: how to publicly agree on a secret key for further communication. That means that even if every part of the negotiation is observed by a third party, the key still remains hidden.

The solution is surprisingly simple. Here’s a simple, but incorrect, version that illustrates the idea.

  1. Both sides, say Alice and Bob, first agree on a public integer \(g\)1.
  2. Alice chooses a large random integer \(r_{a}\).
  3. Alice sends \(g^{r_{a}}\) to Bob.
  4. Bob choose his own random integer, \(r_{b}\).
  5. Bob sends \(g^{r_{b}}\) to Alice.
  6. Alice computes \(g^{r_{b}r_{a}}\) by simply exponentiating the \(g^{r_{b}}\) that she got from Bob by \(r_{a}\).
  7. Bob calculates \(g^{r_{a}r_{b}}\).

But \(g^{r_{b}r_{a}} = g^{r_{a}r_{b}}\) so Alice and Bob have calculated the same number and agree to use it as their key.

The idea is that since an attacker can’t recover \(r_{a}\) from \(g^{r_{a}}\) or \(r_{b}\) from \(g^{r_{b}}\) he can’t compute \(g^{r_{a}r_{b}}\) to discover the key. Of course, an attacker can recover the exponent \(r\) from \(g^{r}\) by simply taking the logarithm so this method obviously isn’t secure. The Diffie-Hellman method solves this problem by making all the calculations in a multiplicative group \(G\) with \(g \in G\) a generating element of \(G\).

That’s a bit abstract so let’s look at a group, \(G\), that you’re probably familiar with. One way of making the calculations is to use the finite field \(\mathbb{Z}_{p}\) for some prime \(p\) and \(g\) a primitive root of \(\mathbb{Z}_{p}\). Everything I described above still holds except the multiplications and exponentiations are performed modulo \(p\). But now recovering the exponents is no longer simple. It’s called the discrete logarithm problem and is believed to be of the same order of difficulty as the factoring of large numbers, rendering the Diffie-Hellman method about as secure as, say, RSA encryption2.

Footnotes:

1

In practice, \(g\) is known in advance and is one of several published numbers used for the method.

2

There has been some recent progress on the discrete logarithm problem, but not with the type of groups used for Diffie-Hellman. Experts believe Diffie-Hellman is still secure and will be for the foreseeable future.

Posted in General | Tagged | Leave a comment

Recent Outage

Posted on 2014-10-01 by jcs

Irreal was offline for a few hours last night and early this morning. The problem was that spammers and their bots had been hitting the site so much that Irreal’s hosting provider suspended the site until we could get it resolved.

Things are back to normal now. Sorry for the inconvenience.

Posted in Blogging | Tagged | Leave a comment

Generating Random Trees

Posted on 2014-10-01 by jcs

I’ve mentioned Atabey Kaygun’s blog before. He mostly writes short posts on some mathematical algorithm, which he illustrates with Lisp. One such post was about generating random trees of \(n\) nodes in such a way that every possible tree having \(n\) nodes is equally likely.

This turns out to be ridiculously easy and a simple induction shows that each tree is, in fact, equally likely. See Atabey’s post for the details of the proof. The idea of the algorithm—as well as the proof—is that given a random tree of \(n-1\) nodes, we randomly chose one of those \(n-1\) nodes and make the new, \(n^{\textrm{th}}\), node a child of that random node. Here’s the algorithm in Elisp: 

(defun make-random-tree (nodes)
    (let (tree)
      (do ((n 1 (1+ n)))
          ((= n nodes) (reverse tree))
        (push (list (random n) n) tree))))
(make-random-tree nodes)

Running the algorithm with \(nodes=6\) yields the pairs

0 1
0 2
1 3
0 4
4 5

where the pair \((x, y)\) means that \(y\) is a child of \(x\). The tree generated from the above is:

random-tree.png

I’m writing about this for two reasons. First, obviously, it’s a neat result and potentially useful. Imagine, for example, that you have an algorithm that operates on trees and you want to generate test cases. This simple algorithms is all you need.

Second, writing it indulges my love for reproducible research. The Elisp code for generating random trees is run right in the buffer and it’s output automatically inserted into the buffer. Then other code (in the buffer but not exported) is run to draw the tree. The Org-mode source for this post could be considered a post generator. Every time I run it, I get a slightly different post.

Emacs and Org are so useful for this sort of thing that I consider it a cache miss if I have to do any processing outside of Emacs when I’m writing up results that involve calculations or other processing on data.

Posted in Programming | Tagged , | Leave a comment

Automobiles and Apple

Posted on 2014-09-30 by jcs

For those who have been off-planet and haven’t heard the news, Apple’s iOS 8 encrypts the contents of users’ iPhone and iPads in such a way that only the user—not Apple—can access it. That means that Apple can no longer respond to warrants from law enforcement asking that they unlock users’ data1.

Naturally, law enforcement is upset. Very upset. There’s the usual punditry about pedophiles and “think of the children” but Christopher Soghoian reminds us that they always say this sort of thing

UPDATE: The Macalope has a roundup of the idiocy about this issue.

Footnotes:

1

At least that data not stored in iCloud, which Apple can access and is legally obliged to turn over when presented with a warrant.

Posted in General | Tagged | Leave a comment

Emacs Idioms

Posted on 2014-09-30 by jcs

Learning to configure and extend Emacs is pretty easy for those with a modicum of Lisp experience. Much has been written about the shortcomings of Elisp and while those criticisms have merit, it’s easy for a Lisper to become comfortable with it. What’s not so easy is learning what in other contexts would be called the run time library.

Emacs Lisp is specialized—or at least its library is—to processing text. The hardest thing for a new Elisper is learning that library and becoming familiar with Elisp idioms. One of the places that I found most useful when I was learning Elisp was Xah Lee’s Emacs Lisp Tutorial. It free to read on the Web or you can buy a personal copy. Believe me, if you’re trying to learn Emacs Lisp, it’s a great resource.

One page of the tutorial that is particularly useful is Emacs Lisp Idioms for Writing Interactive Commands. It shows the most common templates for Elisp commands and demonstrates how to code basic Elisp commands. Read that page and code a few simple commands and you’re well on your way to Elisp mastery. It’s worth a look whether or not you want take on the whole tutorial.

Posted in Programming | Tagged , | Leave a comment

SBCL 1.2.4 Released

Posted on 2014-09-29 by jcs

Steel Bank Common Lisp 1.2.4 has been released and is available at the usual place. Check the NEWS page for what’s new in this release (mostly some improvements in how certain sequence functions are implemented).

As usual, there were no problems building the distribution or with the regression tests. Things just work.

Even if you merely want to play around with Lisp a bit, SBCL is a good choice. It’s got plenty of tools and is easy for a beginner to use. When you’re ready to move forward, SBCL will be right there with you. Plenty of serious, professional Lispers use SBCL as their Lisp development environment.

Posted in Programming | Tagged , | Leave a comment

Wilfred Hughes on Macro Systems

Posted on 2014-09-28 by jcs

Wilfred Hughes has an interesting post, Comparitive Macrology, in which he looks at the macro systems of various languages. For each, he implements two macros:

  • A swap macro to exercise hygiene
  • An anaphoric macro to exercise (intentional) variable capture

He demonstrates the advantages and disadvantages of each language’s macro system.

Hughes starts with C, moves on to Common Lisp, New Lisp, Scheme, Clojure, sweet.js, Rust, and Julia. It’s a really interesting post and well worth reading.

One of the things that struck me was how ugly the syntax of the non-Common Lisp languages are. Even Scheme, which shares most of its syntax with Common Lisp has a really ugly macro language. That’s something worth remembering the next time non-Lispers start grousing about all those parentheses. Just refer them to the syntax of their language.

UPDATE: Wilford → Wilfred

Posted in Programming | Tagged | 3 Comments

BSD Unix Repository

Posted on 2014-09-27 by jcs

As I’ve written before, I believe that one of the best ways of becoming a master programmer is to study the work of the masters. One of the best sources for this that I know of is the BSD Unix sources. Years ago I purchased a CD with the code for all the BSD releases. It was a great resource and I learned a lot.

The other day, I came across a link to an online SVN repository of the same thing. This is also a great resource. Of course, it’s mostly of use to C programmers or those that want to be. If you’re doing front-end work in Ruby, or JavaScript, or some other higher order language you may not be interested. If you want to find out how the Web and operating systems really work, it’s hard to imagine better material to study.

Posted in Programming | Tagged , | 1 Comment

The Virtue of Practice

Posted on 2014-09-26 by jcs

Via Jean-Philippe Paradis:

I love this. It represents the attitude of a master who is forever striving to improve.

Posted in General | Tagged | Leave a comment

Privacy for the Rest of Us

Posted on 2014-09-26 by jcs

A recurrent theme around here has been the need to give crypto-enabled apps a user interface that is transparent to Aunt Millie. This is important because no matter how well-protected the geeks make themselves, no one is truly safe until we, as a society, achieve herd immunity from surveillance by criminals and overreaching governments. As it stands now, anyone taking steps to ensure their privacy is putting on a sign that says, “I’m someone you should look at.”

Sadly, the problem is a hard one. Now, Cory Doctorow is reporting in the Guardian on an effort to solve this problem. The article discusses why this is important to everyone and announces the formation of a new non-profit organization to address the issue. The organization, Simply Secure, has a new Website up that explains what they’re trying to do and solicits user input. They also have a blog Twitter feed and a newsletter so you can follow their progress.

This seems like an excellent effort and one that deserves our support. Visit the site and see if you have skills they can use. We’ll all be better off for it.

Posted in General | Tagged | 1 Comment