YAK … Authenticated Key Exchange


If you’re into cybersecurity, you hopefully know about the magic of the Diffie-Hellman (DH) method. Basically, Bob and Alice agree on a generator (g) and a large prime number (p), and then Bob creates a secret (b), and Alice creates her secret (a). Bob then calculates B = g^b (mod p), and Alice calculates A = g^a (mod p). They exchange these values, and Bob computes A^b (mod p) while Alice computes B^a (mod p). They should end up with the same shared secret, from which they derive a secret encryption key.

The first time I saw this in action, and when I tried the numbers, I fell in love with the magic of cryptography. But there’s a flaw! What if Eve is in-between:

Now, Eve sits in the middle between Bob and Alice (‘a proxy’). Bob talks with Eve, and Alice also talks with Eve, and so we have an Eve-in-the-Middle. Bob has no way of knowing that he is talking to Eve instead of Alice, and the same goes for Alice. If Bob and Alice create a secure tunnel, Eve will decrypt things from Bob with K1 (the key she shares with Bob), and then re-encrypt with K2 (the key she shares with Alice) for Alice.
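The two exchanges described above, as an added Python example (not code from the original article). The toy prime `P`, the generator `G` and all function names are assumptions chosen for illustration, and the parameters are far too small for real use:

```python
import hashlib
import secrets

# Toy parameters assumed for this example only; real DH uses much larger groups.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (secret, public) where public = G^secret mod P."""
    x = secrets.randbelow(P - 3) + 2  # secret in the range 2..P-2
    return x, pow(G, x, P)

def derive_key(peer_public, secret):
    """Compute peer_public^secret mod P and hash it into a 32-byte key."""
    shared = pow(peer_public, secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def honest_exchange():
    """Bob and Alice receive each other's real public values."""
    a, A = keypair()
    b, B = keypair()
    return derive_key(A, b), derive_key(B, a)  # (Bob's key, Alice's key)

def intercepted_exchange():
    """Eve replaces A and B in transit with her own public value E."""
    a, A = keypair()
    b, B = keypair()
    e, E = keypair()
    k_bob = derive_key(E, b)    # Bob believes E came from Alice
    k_alice = derive_key(E, a)  # Alice believes E came from Bob
    k1 = derive_key(B, e)       # K1: Eve's key with Bob
    k2 = derive_key(A, e)       # K2: Eve's key with Alice
    return k_bob, k_alice, k1, k2

if __name__ == "__main__":
    kb, ka = honest_exchange()
    print("honest: keys match =", kb == ka)
    kb, ka, k1, k2 = intercepted_exchange()
    # Nothing in the exchanged values tells either end the keys differ:
    # plain DH carries no proof of who sent a public value.
    print("intercepted: Bob == Alice:", kb == ka)
    print("intercepted: Bob == K1:", kb == k1, "| Alice == K2:", ka == k2)
```

In the intercepted run Bob and Alice each complete a valid exchange, yet hold different keys, which is the gap an authenticated key exchange closes.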


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice