As the Internet continues its growth as a global resource enabling commerce, free speech, and private communications, it is crucial that widely employed security standards are continuously tested, examined and advanced by the information security community.
October 24, 2015
With that in mind, the Wickr team welcomes Imperfect Forward Secrecy [1], a paper analyzing the security of the Diffie-Hellman key exchange algorithm, presented at the 22nd ACM Conference on Computer and Communications Security.
The Diffie-Hellman algorithm (DHE) has been a cornerstone of modern cryptography, strongly supported by privacy advocates and security scholars. It is the foundation for security protocols that safeguard a multitude of information assets, from websites to virtual private networks.
According to the authors of Imperfect Forward Secrecy, there are several significant vulnerabilities connected to the use of smaller prime numbers in the Diffie-Hellman key exchange, which make 512- and 1024-bit DHE insufficiently secure by today’s standards. Although it remains challenging, breaking Diffie-Hellman with a 1024-bit prime is feasible with enough time and resources. As the team of 14 researchers who published the paper pointed out, “it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.” Since many systems re-use primes, breaking the most commonly used 1024-bit primes would allow the interception of “trillions of encrypted connections.”
“A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers.”
Notably, the research confirmed that systems that implement Elliptic-Curve Diffie-Hellman key exchange are immune to “all known feasible cryptanalytic attacks”, since the current discrete log algorithms for strong curves do not gain as much of an advantage from pre-computation. The Wickr communications platform deploys Elliptic-Curve Diffie-Hellman key exchange in its security architecture. In addition, Wickr uses ephemeral key components as part of its key exchange algorithm (ECDHE) to ensure that each new encryption key is isolated from potential prior and future compromises, thus providing Perfect Forward Secrecy.
These research findings are significant in advancing the state of global information security. Continuous scrutiny is undoubtedly beneficial for the advancement of widely employed security standards.
[1] Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann, CCS’15, October 2015, https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf