mpdh is a Go application that demonstrates a 2-party Diffie-Hellman key exchange protocol involving a Sender, a Recipient, and a Cloud provider. It uses the NIST P-256 elliptic curve.
The protocol splits the recipient's private key between the recipient (Alice) and the cloud (Chuck).
-
Key Generation: Alice and Chuck generate random scalars
$a_1$ and$a_2$ . The effective public key is$P = (a_1 + a_2)G$ . -
Encryption (Sender): The sender uses the public key
$P$ to perform a standard ECDH, generating an ephemeral key pair$(b, bG)$ and a shared secret$S = bP$ . -
Decryption (Recipient): The recipient receives
$bG$ . To recover$S$ , they compute$a_1(bG)$ and obtain$a_2(bG)$ from the cloud. The sum is$(a_1 + a_2)bG = b(a_1+a_2)G = bP = S$ .
Build the application:
go build -o mpdh mpdh.goGenerates the split private shares and the combined public key.
./mpdh generate <pubkey_file> <chuck_share_file> <alice_share_file>Example:
./mpdh generate pk.pem chuck.key alice.keySimulates a sender performing the Diffie-Hellman exchange.
./mpdh send <pubkey_input_file> <ephemeral_pubkey_output_file>Example:
./mpdh send pk.pem ephemeral.pemThis outputs the sender's computed shared secret to stdout.
Simulates the recipient recovering the shared secret using their share and the cloud's share.
./mpdh recover <ephemeral_pubkey_input_file> <chuck_share_file> <alice_share_file> <output_secret_file>Example:
./mpdh recover ephemeral.pem chuck.key alice.key secret.binFor convenience, the following shell scripts are provided to automate the flow:
./keygen.sh: Runs thegeneratecommand../send.sh: Runs thesendcommand and logs the secret../recover.sh: Runs therecovercommand../verify.sh: Compares the sender's secret with the recovered secret to verify correctness.
This project is licensed under the MIT License - see the LICENSE file for details.