# PFS

Total views
2,595,072

Perfect Forward Secret (PFS) is simple but very interesting

Bulk encryption requires symmetric encryption, which uses shared key. This means that the sender and receiver use the same key at both ends. The sender uses the key to encrypt the data, the receiver uses the same key to decrypt. The most important aspect of symmetric encryption is that the shared key must be kept secret, especially when transmitted over a public network.
The beauty of PFS is that the sender and receiver only send part of the information over the wire, and keep the rest secret. In the end they all get the same secret value.

The procedure is as follows:
1. Alice and Bob agree to share the values p=19, q=8
2. Alice generates a random value a=5 and keeps it secret
3. Bob generates a random value b=8 and keeps it secret
4. Alice computes the value A = q^a mod p = 8^5 mod 19 = 12, sends A to Bob
5. Bob calculates the value B = q^b mod p = 8^8 mod 19 = 7, sends B to Alice
6. Alice calculates the value s1 = B^a mod p = 7^5 mod 19 = 11
7. Bob calculates the value s2 = A^b mod p = 12^8 mod 19 = 11

We see that s1 is equal to s2, both are equal to 11, called s.

The secret value s is used as the basis for using the DH (Diffie-Hellman) algorithm to generate a shared symmetric key. Such a generated shared symmetric key is random and used only for one session, not sharing the entire key information over the network, thus ensuring the encrypted connection securely.

Currently unrated

### New Comment

required

required (not published)

optional

required

What is 7 × 1?

required ### Top Posts & Pages

• ###### SELinux: kernel: The steps for security checking a program before it runs and the corresponding security rules (12,627 hits)

Contact: tuyen@omarine.org