Diffie-Hellman：安全网络通信背后的天才算法

Let's start with a quick thought experiment.

让我们从快速思考实验开始。

You have a network of 3 computers, used by Alice, Bob, and Charlie. All 3 participants can send messages, but just in a way that all other clients who connected to the network can read it. This is the only possible communication form between participants.

您有3台计算机组成的网络，供Alice，Bob和Charlie使用。所有3个参与者都可以发送消息，但是其方式是连接到网络的所有其他客户端都可以读取消息。这是参与者之间唯一可能的沟通形式。

If Alice sends a message through the wires, both Bob and Charlie get it. In other words, Alice cannot send a direct message to Bob without Charlie receiving it as well.

如果爱丽丝通过电线发送消息，则鲍勃和查理都会收到消息。换句话说，爱丽丝必须在查理也没有收到的情况下才能向鲍勃发送直接消息。

But Alice wants to send a confidential message to Bob and doesn't want Charlie to be able to read it.

但是爱丽丝(Alice)希望向鲍勃(Bob)发送机密消息，并且不希望查理(Charlie)能够阅读该消息。

Seems impossible with these strict rules, right? The beautiful thing that this problem is solved in 1976 by Whitfield Diffie and Martin Hellman.

这些严格的规则似乎不可能，对吧？ 1976年，Whitfield Diffie和Martin Hellman解决了这个问题。

This is a simplified version of the real world, but we face the same problem when communicating through the biggest network that's ever existed.

这是现实世界的简化版本，但是在通过迄今为止最大的网络进行通信时，我们也面临同样的问题。

Usually, you are not directly connected to the internet, but you are part of a local smaller network, called Ethernet.

通常，您不是直接连接到Internet，而是属于本地小型网络(称为以太网)的一部分。

This smaller network can be wired or wireless (Wi-Fi), but the base concept remains. If you send a signal through the network this signal can be read by all other clients connected to the same network.

这个较小的网络可以是有线或无线(Wi-Fi)，但基本概念仍然存在。如果通过网络发送信号，则连接到同一网络的所有其他客户端都可以读取该信号。

Once you emit a message to your bank's server with your credit card information, all other clients in the local network will get the message, including the router. It will then forward it to the actual server of the bank. All other clients will ignore the message.

将带有信用卡信息的消息发送到银行的服务器后，本地网络中的所有其他客户端(包括路由器)都将收到该消息。然后它将转发到银行的实际服务器。所有其他客户端将忽略该消息。

But what if there is a malicious client in the network who won't ignore your confidential messages, but read them instead? How is it possible you still have money on your bank account?

但是，如果网络中存在一个恶意客户端，该客户端不会忽略您的机密消息，而是会读取它们，该怎么办？您如何在银行帐户上仍然有钱？

加密 (Encryption)

It's kind of clear at this point that we need to use some kind of encryption to make sure that the message is readable for Alice and Bob, but complete gibberish for Charlie.

在这一点上很明显，我们需要使用某种加密方式来确保该消息对Alice和Bob可读，但对于Charlie则是完全乱码。

Encrypting information is done by an encryption algorithm, which takes a key (for example a string) and gives back an encrypted value, called ciphertext. The ciphertext is just a completely random-looking string.

信息加密是通过一种加密算法完成的，该算法获取一个密钥(例如字符串)，并返回一个称为密文的加密值。密文只是一个看起来完全随机的字符串。

It's important that the encrypted value (ciphertext) can be decrypted only with the original key. This is called a symmetric-key algorithm because you need the same key for decrypting the message as it was encrypted with. There are also asymmetric-key algorithms, but we don't need them right now.

重要的是，加密值(密文)只能用原始密钥解密。这称为对称密钥算法，因为您需要使用与解密消息时相同的密钥来解密消息。也有非对称密钥算法，但是我们现在不需要它们。

To make it easier to understand this, here is a dummy encryption algorithm implemented in JavaScript:

为了更容易理解，这是用JavaScript实现的虚拟加密算法：

In this function, I mapped each character into another character based on the length of the given key.

在此功能中，我根据给定键的长度将每个字符映射到另一个字符。

Every character has an integer representation, called ASCII code. There is a dictionary that contains all characters with its code, called the ASCII table. So we incremented this integer by the length of the key:

每个字符都有一个整数表示形式，称为ASCII码。有一个包含所有字符及其代码的字典，称为ASCII表。因此，我们将该整数增加了密钥的长度：

Decrypting the ciphertext is pretty similar. But instead of addition, we subtract the key length from every character in the ciphertext, so we get back the original message.

解密密文非常相似。但是，除了加法，我们从密文中的每个字符中减去密钥长度，因此我们得到了原始消息。

Finally here is the dummy encryption in action:

最后是实际的虚拟加密：

We applied some degree of encryption to the message, but this algorithm was only useful for demonstration purposes, to get a sense of how symmetric-key encryption algorithms behave.

我们对消息应用了一定程度的加密，但是此算法仅用于演示目的，以了解对称密钥加密算法的行为。

There are a couple of problems with this implementation besides handling corner cases and parameter types poorly.

除了处理极少情况和参数类型外，此实现还有几个问题。

First of all every 8 character-long key can decrypt the message which was encrypted with the key "password". We want an encryption algorithm to only be able to decrypt a message if we give it the same key that the message was encrypted with. A door lock that can be opened by every other key isn't that useful.

首先，每8个字符长的密钥可以解密用密钥“ password”加密的消息。我们希望加密算法仅在给消息提供与加密消息相同的密钥时才能够解密消息。可以用其他任何钥匙打开的门锁不是那么有用。

Secondly, the logic is too simple – every character is shifted the same amount in the ASCII table, which is too predictable. We need something more complex to make it harder to find out the message without the key.

其次，逻辑太简单了–每个字符在ASCII表中的移动量都是相同的，这太可预测了。我们需要更复杂的东西，以使其更难找到没有密钥的消息。

Thirdly, there isn't a minimal key length. Modern algorithms work with at least 128 bit long keys (~16 characters). This significantly increases the number of possible keys, and with this the secureness of encryption.

第三，没有最小的密钥长度。现代算法使用至少128位长的密钥(〜16个字符)工作。这显着增加了可能的密钥数量，并因此增加了加密的安全性。

Lastly, it takes too little time to encrypt or decrypt the message. This is a problem because it doesn't take too much time to try out all possible keys and crack the encrypted message.

最后，花费很少的时间来加密或解密消息。这是一个问题，因为它不需要花费太多时间来尝试所有可能的密钥并破解加密的消息。

This is hand in hand with the key length: An algorithm is secure if I as an attacker want to find the key, then I need to try a large number of key combinations and it takes a relatively long time to try a single combination.

这与密钥长度密切相关：如果作为攻击者我想找到密钥，则算法是安全的，那么我需要尝试大量的密钥组合，并且尝试单个组合需要相对较长的时间。

There is a wide range of symmetric encryption algorithms that addressed all of these claims, often used together to find a good ratio of speed and secureness for every situation.

有各种各样的对称加密算法可以解决所有这些问题，通常将它们结合使用以找到每种情况下良好的速度和安全性比率。

The more popular symmetric-key algorithms are Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

最受欢迎的对称密钥算法是Twofish ， Serpent ， AES ( Rijndael )， Blowfish ， CAST5 ， RC4 ， TDES和IDEA 。

If you want to learn more about cryptography in general check out this talk.

如果您想进一步了解有关密码学的更多信息，请查看此演讲。

密钥交换 (Key exchange)

It looks like we reduced the original problem space. With encryption, we can create a message which is meaningful for parties who are eligible to read the information, but which is unreadable for others.

看来我们减少了原来的问题空间。通过加密，我们可以创建一条消息，该消息对有资格阅读该信息的各方有意义，而对于其他人则不可读。

When Alice wants to write a confidential message, she would pick a key and encrypt her message with it and send the ciphertext through the wires. Both Bob and Charlie would receive the encrypted message, but none of them could interpret it without Alice's key.

当爱丽丝(Alice)要写机密消息时，她会选择一个密钥并用它加密消息，然后通过电线发送密文。 Bob和Charlie都将收到加密的消息，但是没有Alice的密钥，他们都无法解释它。

Now the only question to answer is how Alice and Bob can find a common key just by communicating through the network and prevent Charlie from finding out that same key.

现在唯一要回答的问题是，爱丽丝和鲍勃如何仅通过网络进行通信就能找到一个公用密钥，从而阻止查理找到相同的密钥。

If Alice sends her key directly through the wires Charlie would intercept it and would be able to decrypt all Alice's messages. So this is not a solution. This is called the key exchange problem in computer science.

如果Alice直接通过电线发送她的密钥，Charlie将会拦截它并能够解密所有Alice的消息。因此，这不是解决方案。这称为计算机科学中的密钥交换问题。

Diffie-Hellman密钥交换 (Diffie–Hellman key exchange)

This cool algorithm provides a way of generating a shared key between two people in such a way that the key can't be seen by observing the communication.

这种很酷的算法提供了一种在两个人之间生成共享密钥的方式，这种方式使得通过观察通信无法看到密钥。

As a first step, we'll say that there is a huge prime number, known to all participants, it's public information. We call it "p" or modulus.

首先，我们要说的是一个巨大的质数，所有参与者都知道，这是公共信息。我们称其为“ p”或模量 。

There is also another public number called "g" or base, which is less than p.

还有另一个称为“ g”或base的公用号码，小于p 。

Don't worry about how these numbers are generated. For the sake of simplicity let's just say Alice picks a very big prime number (p) and a number which is considerably less than p. She then sends them through the wires without any encryption, so all participants will know these numbers.

不必担心这些数字是如何生成的。为了简单起见，我们只说爱丽丝选择了一个很大的质数( p )，而这个数大大小于p 。然后，她通过电线将其发送，无需任何加密，因此所有参与者都将知道这些号码。

Example: To understand this through an example, we'll use small numbers. Let's say p=23 and g=5.

示例：为了通过示例理解这一点，我们将使用少量数字。假设p = 23和g = 5 。

As a second step both Alice (a) and Bob (b) will pick a secret number, which they won't tell anybody, it's just locally living in their computers.

第二步，爱丽丝( a )和鲍勃( b )都会选择一个秘密号码，他们不会告诉任何人，这只是本地居住在他们的计算机中。

Example:Let's say Alice picked 4 (a=4), and Bob picked 3 (b=3).

例：假设爱丽丝(Alice)选择4( a = 4 )，鲍勃(Bob)选择3( b = 3 )。

As a next step, they will do some math on their secret numbers, they will calculate:

下一步，他们将对自己的密码进行一些数学运算，他们将计算：

the base (g) in the power of their secret number,

以他们的秘密编号为准的基数( g )，
and take the calculated number's modulo to p.

并将计算出的数字取模p 。
Call the result A (for Alice) and B (for Bob).

将结果称为A (对于Alice)和B (对于Bob)。

Modulo is a simple mathematical statement, and we use it to find the remainder after dividing one number by another. Here is an example: 23 mod 4 = 3, because 23/4 is 5 and 3 remains.

模数是一个简单的数学表达式，在将一个数除以另一个后，我们用它来查找余数。这是一个示例： 23 mod 4 = 3 ，因为23/4是5且剩余3个。

Maybe it's easier to see all of this in code:

也许更容易在代码中看到所有这些：

// base
const g = 5;
// modulus
const p = 23;// Alice's randomly picked number
const a = 4;
// Alice's calculated value
const A = Math.pow(g, a)%p;// Do the same for Bob
const b = 3;
const B = Math.pow(g, b)%p;console.log("Alice's calculated value (A):", A);
// Alice's calculated value (A): 4
console.log("Bob's calculated value (B):", B);
// Bob's calculated value (B): 10

Now both Alice and Bob will send their calculated values (A, B) through the network, so all participants will know them.

现在，爱丽丝和鲍勃都将通过网络发送他们的计算值( A ， B )，因此所有参与者都将知道它们。

As a last step Alice and Bob will take each other's calculated values and do the following:

作为最后一步，爱丽丝和鲍勃将获取彼此的计算值并执行以下操作：

Alice will take Bob's calculated value (B) in the power of his secret number (a),

爱丽丝(Alice)将以鲍勃(Bob)的计算值( B )为其秘密数字( a )的幂，
and calculate this number's modulo to p and will call the result s (secret).

并计算该数字对p的模，然后将结果称为s (秘密)。
Bob will do the same but with Alice's calculated value (A), and his secret number (b).

鲍勃将做同样的事情，但要使用爱丽丝的计算值( A )和他的秘密号码( b )。

At this point, they successfully generated a common secret (s), even if it's hard to see right now. We will explore this in more detail in a second.

在这一点上，他们成功地产生了共同的秘密(S)，即使它是很难看到现在。我们将在稍后详细探讨。

In code:

在代码中：

As you can see both Alice and Bob got the number 18, which they can use as a key to encrypt messages. It seems magic at this point, but it's just some math.

如您所见，Alice和Bob都获得了18号，他们可以将其用作加密消息的密钥。在这一点上看起来很神奇，但这只是一些数学。

Let's see why they got the same number by splitting up the calculations into elementary pieces:

让我们通过将计算分为基本部分来了解为什么它们得到相同的数字：

In the last step, we used a modulo arithmetic identity and its distributive properties to simplify nested modulo statements.

在最后一步中，我们使用了模算术恒等式及其分布特性来简化嵌套的模数语句。

So Alice and Bob have the same key, but let's see what Charlie saw from all of this. We know that p and g are public numbers, available for everyone.

因此，爱丽丝(Alice)和鲍勃(Bob)具有相同的密钥，但让我们看看查理(Charlie)从这一切中看到了什么。我们知道p和g是公用号码，每个人都可以使用。

We also know that Alice and Bob sent their calculated values (A, B) through the network, so that can be also caught by Charlie.

我们也知道Alice和Bob通过网络发送了他们的计算值( A ， B )，因此Charlie也可以捕获它们。

Charlie knows almost all parameters of this equation, just a and b remain hidden. To stay with the example, if he knows that A is 4 and p is 23, g to the power of a can be 4, 27, 50, 73, ... and infinite other numbers which result in 4 in the modulo space.

查理几乎知道该方程的所有参数，只有a和b保持隐藏。留在例如，如果他知道A是4，p为23，g到的电源可以是4，27，50，73，...以及其导致4中的模数空间中无限其它数量。

He also knows that only the subset of these numbers are possible options because not all numbers are an exponent of 5 (g), but this is still an infinite number of options to try.

他还知道，只有这些数字的子集才是可能的选择，因为并非所有数字的指数都是5( g )，但这仍然是可以尝试的无数选择。

This doesn't seem too secure with small numbers. But at the beginning I said that p is a really large number, often 2000 or 4000 bits long. This makes it almost impossible to guess the value of a or b in the real world.

数量较少似乎不太安全。但是一开始我说p是一个很大的数字，通常是2000或4000位长。这使得几乎不可能猜测现实世界中a或b的值。

The common key Alice and Bob both possess only can be generated by knowing a or b, besides the information that traveled through the network.

除了通过网络传播的信息之外，爱丽丝和鲍伯都拥有的公用密钥只能通过知道a或b来生成。

If you're more visual, here is a great diagram shows this whole process by mixing buckets of paint instead of numbers.

如果您更直观，这是一个很棒的图表，通过混合油漆桶而不是数字来显示整个过程。

Here p and g shared constants represented by the yellow "Common paint". Secret numbers of Alice and Bob (a, b) is "Secret colours", and "Common secret" is what we called s.

在这里， p和g共享由黄色“通用涂料”表示的常数。爱丽丝(Alice)和鲍勃(Bob)的秘密数字( a ， b )是“秘密颜色”，而“共同秘密”就是我们所说的s 。

This is a great analogy because it's representing the irreversibility of the modulo operation. As mixed paints can't be unmixed to their original components, the result of a modulo operation can't be reversed.

这是一个很好的类比，因为它表示模运算的不可逆性。由于混合的涂料不能与原始成分混合，因此取模运算的结果不可逆。

摘要 (Summary)

Now the original problem can be solved by encrypting messages using a shared key, which was exchanged with the Diffie-Hellman algorithm.

现在，可以通过使用共享密钥对消息加密来解决原始问题，该共享密钥已与Diffie-Hellman算法进行了交换。

With this Alice and Bob can communicate securely, and Charlie cannot read their messages even if he is part of the same network.

这样，爱丽丝和鲍勃就可以安全地进行通信，并且即使查理属于同一网络，他也无法阅读他们的消息。

Thanks for reading this far! I hope you got some value from this post and understood some parts of this interesting communication flow.

感谢您阅读本文！我希望您从这篇文章中获得一些价值，并了解此有趣的交流流程的某些部分。

If it was hard to follow the math of this explanation, here is a great video to help you understand the algorithm without math, from a higher level.

如果这是很难遵循这一解释数学，这里是一个伟大的视频，帮助您了解该算法没有数学，从更高的层次。

If you liked this post, you may want to follow me on Twitter to find some more exciting resources about programming and software development.

如果您喜欢这篇文章，您可能想在Twitter上关注我，以找到有关编程和软件开发的更多令人兴奋的资源。

翻译自: https://www.freecodecamp.org/news/diffie-hellman-key-exchange/