Question

Let Ajay and Bijay public key is certified by a CA. Both of them uses secure DHKE with parameters α and p for encrypting/decrypting messages with a symmetric algorithm such as AES. Now assume Ranjit hold the CA’s signature algorithm (and especially its private key), which was used to generate certificates. Can Ranjit decrypt old cipher-texts which were exchanged between Ajay and Bijay before the CA signature algorithm and private key was compromised, which Ranjit had stored? Explain.

Answer 1

According to the DHKE (Diffie-Hellman Key Exchange) algorithm, only the public key has been shared between Ajay and Bijay. Because as per the parameters α and p are global public elements and known to everybody. Ajay generates his own private key X_A which is not known to anyone. Using his private key, now Ajay calculates the Public Key Y_A as Y_A = α ^X_Amod p. Similarly, Bijay generates his own private key X_B that is not revealed to anyone. Using this private ley, Bijay calculates the Public Key Y_B as Y_B = α ^X_Bmod p.

This Y_A and Y_B only are shared which is certified by the CA. Then a Secret Key is calculated by both Ajay and Bijay using their own private keys X_A and X_B. K = (Y_B )^X_A mod p (by Ajay) and K = (YA)^X_B mod p (by Bijay)

Then using this Secret Key 'K' actually which was not shared between Ajay and Bijay has been used for encrypting/decrypting messages using the AES algorithm.

Now if Ranjit holding only the CA's Signature Algorithm could only retrieve the Public keys of Ajay and Bijay with the private key of that CA. Hence, Ranjit could spoof Ajay or Bijay in terms of authorized sender or receiver only in future transactions using the compromised private key and the CA.

Ranjith by no way could find the Secret Key 'K' which are known only to Ajay and Bijay that were not shared at all. Hence, there is no option for Ranjit to decrypt old-cipher texts which were exchanged between Ajay and Bijay as these ciphertexts were encrypted and decrypted only with the Secret Key 'K'.