Diffie-Hellman Key Exchange Algorithm

Home>ICT>Diffie-Hel...

Diffie-Hellman key agreement was invented in 1976 during a collaboration between Whitfield Diffie and Martin Hellman and was the first practical method for establishing a shared secret over an unsecure communications channel.

The beauty of this scheme is that the two parties can agree on a symmetric key using this technique. This key can then be used for encryption and decryption.

	Party 1 (Alice)	Insecure channel	Party 2 (Bob)
Step 1	Both parties agree on a large prime nummber. prime number p
Step 2	Both parties agree on another large prime nummber. base prime number g
Step 3	Party 1 chooses a large secret integer. secret integer x
Step 4	Party 1 sends the number A to party 2. A = g^x mod p
Step 5			Party 2 chooses a large secret integer. secret integer y
Step 6			Party 2 sends the number B to party 1. B = g^y mod p
Step 7	Party 1 computes the secret key. K1 = B^x mod p		Party 2 computes the secret key. K2 = A^y mod p

After completing all the calculations, K1 is equal to K2.

In the above table, only small prime numbers and integers are chosen.

Mathematically, it is extremely difficult to find out x and y (and hence K1 and K2) from p, g, A and B if p, x and y are sufficiently large numbers.

If p is a prime of at least 300 digits, and x and y are at least 100 digits long, then it is not feasible to find the keys by using all computers in the world. Note that g need not be large at all, and in practice is usually either 2, 3 or 5.

This method does not provide authentication. It is vulnerable to a man-in-the-middle attack.

A person in the middle can establish one exchange with Alice and the other with Bob.

This allows the attacker to decrypt and then re-encrypt the messages passed between them.