<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] is a specific method of securely [Key-Exchange] over a public channel and was one of the first [Public Key] protocols as originally conceptualized by [Ralph Merkle].

[{$pagename}] establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network. 

The following conceptual diagram illustrates the general idea of the key exchange by using colors instead of very large numbers.

[{Image src='https://upload.wikimedia.org/wikipedia/commons/4/46/Diffie-Hellman_Key_Exchange.svg' caption='Illustration of the Diffie–Hellman Key Exchange' align=left width=1024 height=768 style='font-size: 120%}] 

The process begins by having the two parties, [Alice] and [Bob], agree on an arbitrary starting color that does not need to be kept secret (but should be different every time).

In this example the color is yellow. Each of them selects a secret color–red and aqua respectively–that they keep to themselves. 

The crucial part of the process is that [Alice] and [Bob] now mix their secret color together with their mutually shared color, resulting in orange and blue mixtures respectively, then publicly exchange the two mixed colors. 

Finally, each of the two mix together the color they received from the partner with their own private color. The result is a final color mixture (brown) that is identical to the partner's color mixture.

If another party [Eve] had been listening in on the exchange, it would be computationally difficult for that [Eve] to determine the common secret color; in fact, when using large numbers rather than colors, this action is impossible for modern supercomputers to do in a reasonable amount of time.\\

[{$pagename}] is the [Best Practice] for [Key-Exchange].


!! [{$pagename}] Detail
[{$pagename}] or &quot;[Diffie-Hellman] key agreement&quot; is not based on encryption and decryption, but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information confidentially over an insecure channel. 

Essentially, each party agrees:
* on a public value g and a large prime number p . 
* one party chooses a secret value x 
* the other party chooses a secret value y
* Both parties use their secret values to derive public values, g x mod p and g y mod p, 
* they exchange the public values. 
* Each uses the other party's public value to calculate the shared secret key that is used by both parties for confidential communications. 
A third party cannot, in theory, derive the shared secret key because they do not know either of the secret values, x or y .

For [Example]: 
* [Alice] chooses secret value x and sends the public value g x mod p to [Bob]. 
* [Bob] chooses secret value y and sends the public value g y mod p to [Alice]. 
* [Alice] uses the value g xy mod p as her secret key for confidential communications with [Bob]. 
* [Bob] uses the value g yx mod p as his secret key. 
Because g xy mod p equals g yx mod p, [Alice And Bob] can use their secret keys with a [Symmetric Key] algorithm to conduct confidential communications. The use of the modulo function ensures that both parties can calculate the same secret key value, but an eavesdropper cannot. An eavesdropper can intercept the values of g and p , but because of the extremely difficult mathematical problem created by the use of a large prime number in mod p, the eavesdropper cannot feasibly calculate either secret value x or secret value y . The secret key is known only to each party and is never visible on the network.

[{$pagename}] is widely used with varying technical details by Internet security technologies, such as [IPsec] and [TLS], to provide secret [Key-Exchange] for [confidential] online communications.

[Diffie-Hellman] [Key-Exchange] is one of the earliest practical examples of [public Key] exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. 

The [{$pagename}] method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a [Symmetric Key] cipher.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Diffie–Hellman_key_exchange|Wikipedia:Diffie–Hellman_key_exchange|target='_blank'] - based on information obtained 2016-11-08
* [#2] - [Diffie–Hellman key exchange|https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange|target='_blank'] - based on information obtained 2013-04-10

</pre>