Perfect Forward Secrecy
- when using a digital envelope, parties must agree upon a bulk encryption secret key
- original implementation of digital envelope
- server and client exchange secret keys using server’s key pair for encryption
- if server’s private key is compromised, this data could be recovered
- this risk is mitigated by perfect forward secrecy (PFS)
Perfect forward secrecy (PFS) is a characteristic of transport encryption that ensures that if a key is compromised, the compromise will only affect a single session and will not facilitate recovery of plaintext data from other sessions.
- uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys
- doesn’t use server’s private key
- allows Alice and Bob to derive the same shared secret by sharing some related values
- shares some values, keeps others private
- Mallory cannot learn the secret from the values exchanged publicly
- authenticity of values is proved using digital signature

- ephemeral session keys mean that a future compromise of the server will not be a risk to recorded data
- each session uses a new key
- massively increases the cryptanalysis needed to recover an entire conversation
Info
PFS using the modular arithmetic shown in the diagram is called Diffie-Hellman Ephemeral (DHE).
- PFS is now more usually implemented as Elliptic Curve DHE (ECDHE).
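
Added example (not part of the original notes): a toy DHE exchange in Python using modular arithmetic, showing that Alice and Bob derive the same session key from publicly exchanged values and that each session gets a fresh key. The group parameters `P` and `G` and all function names are assumptions chosen for illustration; the prime is far too small for real use, and the digital signature that authenticates the exchanged values is omitted.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized 2048-bit+ groups or ECDHE.
P = 2**127 - 1
G = 3


def ephemeral_keypair():
    """Fresh private exponent and public value, generated for one session."""
    while True:
        private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P - 2
        public = pow(G, private, P)
        if 2 <= public <= P - 2:                    # never send a degenerate value
            return private, public


def shared_secret(own_private, peer_public):
    """Combine our private exponent with the peer's public value."""
    if not 2 <= peer_public <= P - 2:               # reject 0, 1 and P - 1
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def session_key(secret):
    """Derive a 256-bit bulk-encryption key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_session():
    """One handshake: returns (alice_key, bob_key, values_sent_in_public)."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    alice_key = session_key(shared_secret(a_priv, b_pub))
    bob_key = session_key(shared_secret(b_priv, a_pub))
    # The private exponents are discarded here; no long-term key can rebuild them.
    return alice_key, bob_key, (a_pub, b_pub)


if __name__ == "__main__":
    k1a, k1b, _ = run_session()
    k2a, k2b, _ = run_session()
    print("session 1 keys match:", k1a == k1b)
    print("session 2 keys match:", k2a == k2b)
    print("sessions share a key:", k1a == k2a)
```

The server's long-term private key appears nowhere in the derivation, which is why its later compromise does not expose recorded sessions.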