Diffie-Hellman key-exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network.
The following conceptual diagram illustrates the general idea of the key exchange by using colors instead of very large numbers.
In this example the color is yellow. Each of them selects a secret color–red and aqua respectively–that they keep to themselves.
The crucial part of the process is that Alice and Bob now mix their secret color together with their mutually shared color, resulting in orange and blue mixtures respectively, then publicly exchange the two mixed colors.
Finally, each of the two mix together the color they received from the partner with their own private color. The result is a final color mixture (brown) that is identical to the partner's color mixture.
If another party Eve had been listening in on the exchange, it would be computationally difficult for that Eve to determine the common secret color; in fact, when using large numbers rather than colors, this action is impossible for modern supercomputers to do in a reasonable amount of time.
Diffie-Hellman key-exchange Detail#Diffie-Hellman key-exchange or "Diffie-Hellman key agreement" is not based on encryption and decryption, but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information confidentially over an insecure channel.
Essentially, each party agrees:
- on a public value g and a large prime number p .
- one party chooses a secret value x
- the other party chooses a secret value y
- Both parties use their secret values to derive public values, g x mod p and g y mod p,
- they exchange the public values.
- Each uses the other party's public value to calculate the shared secret key that is used by both parties for confidential communications.
- Alice chooses secret value x and sends the public value g x mod p to Bob.
- Bob chooses secret value y and sends the public value g y mod p to Alice.
- Alice uses the value g xy mod p as her secret key for confidential communications with Bob.
- Bob uses the value g yx mod p as his secret key.
Diffie-Hellman key-exchange is widely used with varying technical details by Internet security technologies, such as IPsec and TLS, to provide secret Key-Exchange for confidential online communications.
Diffie-Hellman Key-Exchange is one of the earliest practical examples of public Key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier.
The Diffie-Hellman key-exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a Symmetric Key cipher.
More Information#There might be more information for this subject on one of the following:
- Diffie-Hellman Ephemeral
- Diffie-Hellman or RSA
- Double Ratchet Algorithm
- Elliptic Curve Diffie-Hellman
- How SSL-TLS Works
- Key Derivation Function
- PKCS 3
- TLS 1.3