Diffie-Hellman key-exchange is a specific method of securely Key-Exchange over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle.

Diffie-Hellman key-exchange or "Diffie-Hellman key agreement" is not based on encryption and decryption, but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information confidentially over an insecure channel.

Essentially, each party agrees:

  • on a public value g and a large prime number p .
  • one party chooses a secret value x
  • the other party chooses a secret value y
  • Both parties use their secret values to derive public values, g x mod p and g y mod p,
  • they exchange the public values.
  • Each uses the other party's public value to calculate the shared secret key that is used by both parties for confidential communications.
A third party cannot, in theory, derive the shared secret key because they do not know either of the secret values, x or y .

For Example:

  • Alice chooses secret value x and sends the public value g x mod p to Bob.
  • Bob chooses secret value y and sends the public value g y mod p to Alice.
  • Alice uses the value g xy mod p as her secret key for confidential communications with Bob.
  • Bob uses the value g yx mod p as his secret key.
Because g xy mod p equals g yx mod p, Alice And Bob can use their secret keys with a Symmetric Key algorithm to conduct confidential communications. The use of the modulo function ensures that both parties can calculate the same secret key value, but an eavesdropper cannot. An eavesdropper can intercept the values of g and p , but because of the extremely difficult mathematical problem created by the use of a large prime number in mod p, the eavesdropper cannot feasibly calculate either secret value x or secret value y . The secret key is known only to each party and is never visible on the network.

Diffie-Hellman key-exchange is widely used with varying technical details by Internet security technologies, such as IPsec and TLS, to provide secret Key-Exchange for confidential online communications.

Diffie-Hellman Key-Exchange is one of the earliest practical examples of public Key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier.

The Diffie-Hellman key-exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a Symmetric Key cipher.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-8) was last changed on 07-Jan-2017 11:23 by jim