Diffie-Hellman key-exchange or "Diffie-Hellman key agreement" is not based on encryption and decryption, but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information confidentially over an insecure channel.
Essentially, each party agrees:
- on a public value g and a large prime number p .
- one party chooses a secret value x
- the other party chooses a secret value y
- Both parties use their secret values to derive public values, g x mod p and g y mod p,
- they exchange the public values.
- Each uses the other party's public value to calculate the shared secret key that is used by both parties for confidential communications.
- Alice chooses secret value x and sends the public value g x mod p to Bob.
- Bob chooses secret value y and sends the public value g y mod p to Alice.
- Alice uses the value g xy mod p as her secret key for confidential communications with Bob.
- Bob uses the value g yx mod p as his secret key.
Diffie-Hellman key-exchange is widely used with varying technical details by Internet security technologies, such as IPsec and TLS, to provide secret Key-Exchange for confidential online communications.
Diffie-Hellman Key-Exchange is one of the earliest practical examples of public Key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier.
The Diffie-Hellman key-exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a Symmetric Key cipher.