The most surprising thing about Diffie-Hellman is that it allows two parties to agree on a shared secret key over an insecure channel without ever sending the secret key itself, or even a piece of it, directly.
Let’s see this in action with a simplified, illustrative example. Imagine Alice and Bob want to establish a secret key. They agree on two public numbers: a prime modulus $p$ and a base generator $g$.
- Alice chooses a secret integer $a$.
- Alice calculates $A = g^a \pmod{p}$ and sends $A$ to Bob.
- Bob chooses a secret integer $b$.
- Bob calculates $B = g^b \pmod{p}$ and sends $B$ to Alice.
Now, Alice has Bob’s public value $B$, and Bob has Alice’s public value $A$.
- Alice calculates her shared secret $S = B^a \pmod{p}$.
- Bob calculates his shared secret $S = A^b \pmod{p}$.
Because $(g^b)^a \pmod{p} = g^{ba} \pmod{p}$ and $(g^a)^b \pmod{p} = g^{ab} \pmod{p}$, both Alice and Bob arrive at the same secret value $S$, even though they never directly shared $a$, $b$, or $S$. An eavesdropper, Eve, only sees $p$, $g$, $A$, and $B$. To find $S$, Eve would need to compute either $a$ from $A = g^a \pmod{p}$ or $b$ from $B = g^b \pmod{p}$. This is the discrete logarithm problem, which is computationally infeasible for large prime numbers.
This system solves the fundamental problem of secure key distribution. In traditional symmetric encryption, you need a shared secret key beforehand. How do you get that key to the other party securely? Diffie-Hellman sidesteps this by generating the key in situ. It’s the foundation for many secure communication protocols, most notably TLS/SSL which secures web traffic.
The core mathematical operation is modular exponentiation. The security relies on the difficulty of the discrete logarithm problem. For practical applications, the prime modulus $p$ is a very large number, typically 2048 bits or more, and the generator $g$ is chosen carefully.
The specific values used in real-world implementations are crucial. For instance, in TLS 1.2, you might see parameters like a prime $p$ of 2048 bits and a generator $g=2$. The secrets $a$ and $b$ are random integers within a specific range determined by $p$.
A common misconception is that Diffie-Hellman is encryption. It’s not. It’s a key agreement protocol. The shared secret $S$ derived from Diffie-Hellman is then typically used as the key for a symmetric encryption algorithm like AES to encrypt the actual communication data. If you were to use Diffie-Hellman directly to encrypt messages, you’d be performing exponentiation with potentially very large numbers, which is inefficient and not its intended use.
The next step is understanding how Diffie-Hellman is used within protocols like TLS, and the security implications of different parameter choices and potential attacks like man-in-the-middle.