IPE

Diffie-Hellman key exchange

Improved packet encryption (IPE) works by choosing a suitable cipher based on the shared secret that is established with Diffie-Hellman.

Unified Diffie-Hellman key exchange

  • Initialize RFC 5114's standardized 1024-bit MODP parameters (p, g, q).

  • Randomly generate a static and an ephemeral key pair (public and private keys) for Unified Diffie-Hellman.

  • Send the shared secret length and the public keys over the network, then perform the agreement with the peer's received public keys and shared secret length.
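The exchange above, as an added example in pure Python (it is not code from the original page or from the IPE implementation it describes): each endpoint holds a static and an ephemeral key pair, both publish their public keys together with the shared secret length, and the agreement produces the block that the cipher selection later reads. P and G are constructed toy group values, not RFC 5114's 1024-bit MODP parameters (the subgroup order q is omitted for that reason); the combination rule, static-static agreed value concatenated with ephemeral-ephemeral agreed value, is an assumption because the page does not spell it out; and the function and class names are the example's own.

```python
import secrets

# Constructed toy group parameters for this example. They are NOT RFC 5114's
# 1024-bit MODP group: p = 2^127 - 1 is a Mersenne prime chosen only because it
# is short to write down, and the subgroup order q of the real group is omitted.
P = (1 << 127) - 1
G = 2


def byte_len(p: int = P) -> int:
    """Byte length of one field element, i.e. of one agreed value."""
    return (p.bit_length() + 7) // 8


def shared_secret_length(p: int = P) -> int:
    """Length announced to the peer: two agreed values (static, ephemeral) concatenated.
    (Assumption: the unified model concatenates the two agreed values.)"""
    return 2 * byte_len(p)


def generate_keypair(p: int = P, g: int = G):
    """Random private exponent x in 2..p-2 and the matching public value g^x mod p."""
    priv = 2 + secrets.randbelow(p - 3)
    return priv, pow(g, priv, p)


class UnifiedDHParty:
    """One endpoint holding a static and an ephemeral key pair."""

    def __init__(self, p: int = P, g: int = G):
        self.p, self.g = p, g
        self.static_priv, self.static_pub = generate_keypair(p, g)
        self.eph_priv, self.eph_pub = generate_keypair(p, g)

    def public_keys(self):
        """The values that go on the wire next to the shared secret length."""
        return self.static_pub, self.eph_pub

    def agree(self, peer_static_pub: int, peer_eph_pub: int) -> bytes:
        """Unified model (assumed): static-static || ephemeral-ephemeral agreed values."""
        for y in (peer_static_pub, peer_eph_pub):
            # Reject out-of-range values and the trivial elements 0, 1 and p-1.
            # With the real RFC 5114 group one also checks pow(y, q, p) == 1
            # to confirm the peer value lies in the intended subgroup.
            if not 1 < y < self.p - 1:
                raise ValueError("invalid peer public key")
        n = byte_len(self.p)
        z_static = pow(peer_static_pub, self.static_priv, self.p)
        z_eph = pow(peer_eph_pub, self.eph_priv, self.p)
        return z_static.to_bytes(n, "big") + z_eph.to_bytes(n, "big")


def run_exchange():
    """Both endpoints exchange (length, public keys) and agree on the same block."""
    server, client = UnifiedDHParty(), UnifiedDHParty()
    length = shared_secret_length()
    server_secret = server.agree(*client.public_keys())
    client_secret = client.agree(*server.public_keys())
    assert len(server_secret) == len(client_secret) == length
    return server_secret, client_secret


if __name__ == "__main__":
    s, c = run_exchange()
    print("agreed:", s == c, "length:", len(s))
```

The range check in `agree` is the minimum a receiving endpoint should do before exponentiating with a peer-supplied value; with the real group, the subgroup check against q belongs there too. Under the concatenation assumption the announced shared secret length is twice the field size, so with a 1024-bit p the block would be 256 bytes.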

Cipher selection

A

Take the remainder of the first byte in the shared secret block modulo the shared secret size. This number determines where in the shared secret block the first cipher number is stored.

B

Take the remainder of the second byte in the shared secret block modulo the shared secret size. This number determines where in the shared secret block the second cipher number is stored.

C

Take the remainder of each of these two bytes read from the secret block modulo the maximum number of supported algorithms, and pick an algorithm for each.

D

The shared secret block contains the algorithms' keys and a data block (a random block is used because some algorithms do not support an IV) that will be used to encrypt and decrypt the packets.

E

The selected cipher is run in CTR mode with the generated IV.

F

If the keys are generated by the server, the first cipher is the encryption cipher and the second is the decryption cipher. On the client side the assignment is reversed.

(The key and IV lengths are the default lengths assigned to each algorithm.)
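Steps A to F carried through in Python, as an added example that is not the page's or the implementation's own code. It reads the block using the appendix layout (first key, second key, non important data, second IV, first IV). The key lengths (16 bytes for every algorithm) are an assumption standing in for the unlisted defaults, the block sizes are each cipher's standard block size, and because the standard library has none of the listed ciphers, CTR mode is driven by a stand-in keyed block function (HMAC-SHA256 truncated to the block size) so that the counter mechanics and the server/client key assignment can still be exercised. SAMPLE_SECRET is a constructed block, not real Diffie-Hellman output, and all function and class names are the example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Known algorithms in the page's order: (name, key length, block size) in bytes.
# Block sizes are the ciphers' standard ones; the 16-byte key length is an
# assumption standing in for the "default lengths" the page does not list.
KNOWN_ALGORITHMS = [
    ("RC6", 16, 16), ("MARS", 16, 16), ("Twofish", 16, 16), ("Serpent", 16, 16),
    ("CAST256", 16, 16), ("IDEA", 16, 8), ("DES-EDE2", 16, 8), ("Camellia", 16, 16),
    ("SEED", 16, 16), ("RC5", 16, 8), ("Blowfish", 16, 8), ("TEA", 16, 8),
    ("SHACAL2", 16, 32),
]


@dataclass
class CipherContext:
    name: str
    key: bytes
    iv: bytes


def select_ciphers(secret: bytes, role: str):
    """Steps A-F: derive (encryption, decryption) contexts from the shared secret block."""
    size = len(secret)
    n_alg = len(KNOWN_ALGORITHMS)
    # A/B: the first two bytes, reduced modulo the block size, locate the bytes
    # that carry the two cipher numbers.
    off1 = secret[0] % size
    off2 = secret[1] % size
    # C: the bytes at those offsets, reduced modulo the algorithm count, pick the ciphers.
    name1, klen1, blen1 = KNOWN_ALGORITHMS[secret[off1] % n_alg]
    name2, klen2, blen2 = KNOWN_ALGORITHMS[secret[off2] % n_alg]
    # D: keys sit at the start of the block and IVs at the end (appendix layout):
    #    first key | second key | non important data | second IV | first IV
    if klen1 + klen2 + blen1 + blen2 > size:
        raise ValueError("shared secret block too small for the selected ciphers")
    key1 = secret[:klen1]
    key2 = secret[klen1:klen1 + klen2]
    iv1 = secret[size - blen1:]
    iv2 = secret[size - blen1 - blen2:size - blen1]
    first = CipherContext(name1, key1, iv1)
    second = CipherContext(name2, key2, iv2)
    # F: the server encrypts with the first cipher and decrypts with the second;
    #    the client uses them the other way round.
    if role == "server":
        return first, second
    if role == "client":
        return second, first
    raise ValueError("role must be 'server' or 'client'")


def _stand_in_block_encrypt(ctx: CipherContext, block: bytes) -> bytes:
    # Stand-in for the real block cipher (assumption): HMAC-SHA256 keyed with the
    # cipher key, truncated to the cipher's block size. It keeps CTR's structure
    # (a keyed function applied to successive counter blocks) without RC6, MARS, etc.
    digest = hmac.new(ctx.key, ctx.name.encode() + block, hashlib.sha256).digest()
    return digest[:len(ctx.iv)]


def ctr_crypt(ctx: CipherContext, data: bytes) -> bytes:
    """Step E: CTR mode. Encryption and decryption are the same operation."""
    block_len = len(ctx.iv)
    counter = int.from_bytes(ctx.iv, "big")
    out = bytearray()
    for i in range(0, len(data), block_len):
        ctr_block = (counter % (1 << (8 * block_len))).to_bytes(block_len, "big")
        keystream = _stand_in_block_encrypt(ctx, ctr_block)
        out.extend(a ^ b for a, b in zip(data[i:i + block_len], keystream))
        counter += 1
    return bytes(out)


# Constructed 64-byte "shared secret block" for the example (not real DH output).
SAMPLE_SECRET = bytes((i * 37 + 11) % 256 for i in range(64))


def roundtrip(secret: bytes, message: bytes) -> bytes:
    """Server encrypts with its encryption cipher; client decrypts with its decryption cipher."""
    server_enc, _ = select_ciphers(secret, "server")
    _, client_dec = select_ciphers(secret, "client")
    return ctr_crypt(client_dec, ctr_crypt(server_enc, message))


if __name__ == "__main__":
    enc, dec = select_ciphers(SAMPLE_SECRET, "server")
    print("server encrypts with", enc.name, "and decrypts with", dec.name)
    print(roundtrip(SAMPLE_SECRET, b"hello, IPE"))
```

The server's encryption context and the client's decryption context are the same (name, key, IV) triple, which is what makes the round trip work. Two points a reviewer would note on the scheme as described: reducing a byte modulo the algorithm count is slightly biased when 256 is not a multiple of that count, and the keys and IVs are raw slices of the agreed value rather than the output of a key derivation function.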

Appendix

Secret block content (in order):

  • Start of shared data

  • first key

  • second key

  • non important data

  • second IV

  • first IV

  • End of shared data

Known Algorithms

  • RC6

  • MARS

  • Twofish

  • Serpent

  • CAST256

  • IDEA

  • DES-EDE2 (Triple DES)

  • Camellia

  • SEED

  • RC5

  • Blowfish

  • TEA

  • SHACAL2