Diffie–Hellman key exchange is a method for generating symmetric cryptographic keys over a public channel. The key is never transmitted, but is instead derived independently using information exchanged.
Algorithm
The fundamental operation in Diffie-Hellman is modular exponentiation
Diffie-Hellman involves two public parameters:
- A prime number
- A base number
(also called a generator, should be primitive root modulo g) Both parties then choose their private exponent and perform modular exponentiation: - Alice chooses secret
and computes - Bob chooses secret
and computes After exchanging their public values, each party uses the other’s public value and their own private number to compute the shared secret: - Alice computes the secret as
- Bob computes the secret as
Security
The security of Diffie–Hellman relies on the fact that the discrete logarithm problem being computationally difficult (given
Diffie-Hellman also doesn’t offer authentication by default, and thus is subject to man-in-the-middle attack.