×
Diffie-Hellman (DH) Algorithm Theory
The Diffie-Hellman (DH) algorithm is a mathematical asymmetric algorithm that allows two computers to create the same shared secret key without any prior communication. The sender and receiver never actually exchange this shared key. However, because it is known to both parties, it can be used by an encryption algorithm to encrypt traffic between the two systems.
The security of the DH algorithm is based on the fact that it uses incredibly large numbers in its calculations. For example, a 1024-bit DH number is approximately equal to a 309-digit decimal number. Considering that a billion has 10 digits (1,000,000,000), it is easy to imagine the difficulty of working with not one, but several decimal numbers consisting of 309 digits. Unfortunately, asymmetric key systems are too slow and cannot be used to encrypt large amounts of data. That is why the standard practice is to encrypt large amounts of traffic with a symmetric algorithm, such as 3DES or AES, and use the Diffie-Hellman algorithm to create the keys that will be used by the encryption algorithm.
| Alice |
|
Bob |
|
Charlie |
| Known |
Unknown |
Known |
Unknown |
Known |
Unknown |
| p = 23 |
|
p = 23 |
|
p = 23 |
|
| g = 5 |
|
g = 5 |
|
g = 5 |
|
| a = 6 |
b, c |
b = 15 |
a, c |
c = 8 |
a, b |
| A = 5^a mod 23 |
|
B = 5^b mod 23 |
|
C = 5^c mod 23 |
|
| A = 5^6 mod 23 = 8 |
|
B = 5^15 mod 23 = 19 |
|
C = 5^8 mod 23 = 16 |
|
| B = 19, C = 16 |
|
A = 8, C = 16 |
|
A = 8, B = 19 |
|
| S = C^a mod 23 |
|
S = A^b mod 23 |
|
S = B^c mod 23 |
|
| S = 16^6 mod 23 = 2 |
|
S = 8^15 mod 23 = 2 |
|
S = 19^8 mod 23 = 2 |
S |
Additional Theory
🔐 Diffie-Hellman Key Exchange — Step-by-Step Theory
The Diffie-Hellman algorithm is like a magic trick that lets two people create a shared secret code, even if someone is listening. Here’s how it works, explained simply:
✅ Step 1: Agree on Public Numbers
Imagine two friends, Alice and Bob, want to create a secret code. They start by agreeing on two numbers that everyone can know:
- A prime number p = 17
- A base number g = 3
These numbers are public and act as the starting point for their "math game."
✅ Step 2: Pick Secret Numbers
Now, each person chooses a secret number that only they know:
- Alice picks 4
- Bob picks 9
These are their private keys, like secret passwords they don’t share with anyone.
✅ Step 3: Share Public Keys
They do some math using g, p, and their secret numbers:
- Alice: 3^4 = 81, and 81 mod 17 = 13 → Alice’s public key is 13
- Bob: 3^9 = 19683, and 19683 mod 17 = 14 → Bob’s public key is 14
They send these public keys to each other. It’s okay if someone else sees these numbers—they’re not the secret!
✅ Step 4: Create the Shared Secret
Now, they use each other’s public key and their own secret to find the same shared code:
- Alice takes Bob’s 14: 14^4 = 38416, and 38416 mod 17 = 1
- Bob takes Alice’s 13: 13^9 = 10604499373, and 10604499373 mod 17 = 1
🎉 Result: Both get the same number—1! This is their shared secret, which they can use as a key to lock and unlock messages.
❓ Why Can’t a Hacker Break It?
Let’s say someone, Eve, is listening. She knows:
- p = 17
- g = 3
- The public keys: 13 and 14
But she doesn’t know the secrets: 4 and 9. To find them, she’d need to solve a really hard math problem called the "discrete logarithm." With big numbers, this is super difficult—even for computers!
