WEBVTT
00:00:00.000 --> 00:00:02.000
The answer is the first one.
00:00:02.000 --> 00:00:05.000
Bob should compute yA to the xB power modulo q.
00:00:05.000 --> 00:00:07.000
The second one would compute the same thing.
00:00:07.000 --> 00:00:09.000
This is in fact exactly what Alice computed,
00:00:09.000 --> 00:00:12.000
but Bob can't do this because he doesn't know xA.
00:00:12.000 --> 00:00:14.000
The third one wouldn't compute the same key,
00:00:14.000 --> 00:00:19.000
so the correctness property is that Alice and Bob obtain the same key,
00:00:19.000 --> 00:00:21.000
and we can show this by just plugging in the values.
00:00:21.000 --> 00:00:25.000
The key Alice computed was yB to the xA.
00:00:25.000 --> 00:00:28.000
The value of yB is g to the xB, so that's equivalent
00:00:28.000 --> 00:00:31.000
to g to the xB xA mod q.
00:00:31.000 --> 00:00:34.000
The key that Bob would compute--and we'll write that as key BA
00:00:34.000 --> 00:00:38.000
since we haven't yet shown that they're equivalent using this equation.
00:00:38.000 --> 00:00:44.000
Well, yA is g to the xA, so this is g to the xA xB mod q.
00:00:44.000 --> 00:00:47.000
And we already showed that powers of powers are commutative,
00:00:47.000 --> 99:59:59.999
so these two are equivalent.