Diffie-Hellman Key Exchange

Diffie-Hellman (1976) solved a fundamental problem: how can two people establish a shared secret over a public channel, even if an eavesdropper sees everything they exchange?

The Magic: Alice and Bob each have a secret. They exchange public values, and both can compute the same shared secret, but an eavesdropper cannot!

The Paint Mixing Analogy

Imagine mixing paints. It's easy to mix colors together, but nearly impossible to "unmix" them to recover the original colors. Alice and Bob each add a private color to a shared public color, swap the resulting mixtures, and then each add their own private color again; both end up with the same final color, while an observer who only saw the mixtures that crossed the channel cannot separate them.

The Mathematics

  1. Public setup: Choose prime p and generator g
  2. Alice: Picks secret a, computes A = g^a mod p, sends A
  3. Bob: Picks secret b, computes B = g^b mod p, sends B
  4. Alice: Computes s = B^a mod p = g^(ab) mod p
  5. Bob: Computes s = A^b mod p = g^(ab) mod p
  6. Result: Both have the same shared secret s!

What Eve Sees

An eavesdropper (Eve) can see all public values, but cannot compute the shared secret:

Eve's Problem: To compute g^(ab), Eve would need to find a from A = g^a mod p. This is the discrete logarithm problem, which is computationally hard for large primes!
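The exchange from the Mathematics section and Eve's view of it, as an added Python example that is not part of the original page. The toy parameters p = 23, g = 5 and the function names are constructed assumptions; the only real-world sized operation is Python's built-in modular exponentiation.

```python
import secrets

def dh_keypair(p, g):
    """Pick a private exponent in [2, p-2] and return (private, public = g^x mod p)."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)

def dh_shared_secret(their_public, my_private, p):
    """Shared secret s = (other side's public value)^(my private) mod p."""
    # Defender's check: public values 0, 1 or p-1 would force s into a tiny,
    # predictable set, so a receiver must reject them before exponentiating.
    if not 1 < their_public < p - 1:
        raise ValueError("invalid public value")
    return pow(their_public, my_private, p)

def run_exchange(p, g):
    """Steps 2-5 of the protocol; returns what each party holds afterwards."""
    a, A = dh_keypair(p, g)          # Alice: secret a, sends A
    b, B = dh_keypair(p, g)          # Bob:   secret b, sends B
    s_alice = dh_shared_secret(B, a, p)   # B^a = g^(ab) mod p
    s_bob = dh_shared_secret(A, b, p)     # A^b = g^(ab) mod p
    return {"A": A, "B": B, "a": a, "b": b, "s_alice": s_alice, "s_bob": s_bob}

def eve_brute_force(p, g, A):
    """Eve only sees p, g, A, B. Her route to g^(ab) is the discrete logarithm:
    search for x with g^x = A mod p. This loop is ~p steps, which is instant for
    the toy p = 23 and hopeless for a 2048-bit prime, which is the whole point."""
    for x in range(p):
        if pow(g, x, p) == A:
            return x
    return None

if __name__ == "__main__":
    # Constructed toy group; 5 is a generator modulo 23.
    result = run_exchange(23, 5)
    print(result)
    x = eve_brute_force(23, 5, result["A"])
    print("Eve recovers a =", x, "and s =", pow(result["B"], x, 23))
```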

Security Considerations

Secure Against

  • Passive eavesdropping
  • Recording communications
  • Anyone who only sees p, g, A, B

Vulnerable To

  • Man-in-the-middle attacks: an active attacker who can replace A and B in transit ends up sharing one secret with Alice and a different one with Bob, and neither party can tell from the exchange alone
  • Plain DH therefore requires authentication of the exchanged public values
  • In practice it is combined with signatures (or certificates) that bind A and B to the party that actually sent them

Real-World Usage

HTTPS, TLS, VPNs: Nearly every secure connection on the internet uses Diffie-Hellman (or its elliptic curve variant ECDH) to establish session keys. When you see the padlock in your browser, DH is working behind the scenes!