Diffie Hellman Key Exchange
Introduction
The Diffie Hellman (DH) Algorithm is a key-exchange protocol that enables two parties
communicating over public channel
to establish a mutual secret without it being transmitted over the Internet.
This revolutionary algorithm was proposed by Whitfield Diffie and Martin Hellman in 1976,
enabling two entities to agree
upon a secret key without prior arrangements, even in the presence of potential eavesdroppers.
Working of Diffie-Hellman Key Exchange
- Alice and Bob must agree upon two number:
- A large prime number P.
- A generator G, which is the primitive root of P.
- Alice and Bob randomly chose a private key, say A and B for Alice and Bob
respectively.
- These private keys are kept secret and not being shared.
-
Both Alice and Bob perform a calculation to generate their corresponding public keys.
- Alice's Public Key → XA = GAmodP
- Bob's Public Key → YB = GBmodP
- The public key are then shared with each other, XA is shared with Bob and YB is shared with Alice.
- Both Alice and Bob then calculates the Shared Secret Key using the public key received.
- Alice's Secret Key → KA = YABmodP
- Bob's Secret Key → KB = YBAmodP
- KA = KB, Alice and Bob now both have shared secret keys, which can be used for encryption and decryption of information using symmetric key algorithms.
Security
The security of the Diffie-Hellman key exchange is dependent on how it is implemented, as well as the numbers that are chosen for it. Diffie-Hellman has no means of authenticating the other party by itself, but in practice other mechanisms are used to ensure that the other party in a connection is not an impostor. As long as it is implemented alongside an appropriate authentication method and the numbers have been selected properly, it is not considered vulnerable to attack.