By Charles Joseph | Cybersecurity Advocate
Diffie-Hellman is like a secret way two friends can agree on a shared secret number without anyone else knowing that number, even if someone is listening to their conversation.
Imagine two friends, Alice and Bob, who want to have a secret number that only they know.
They agree on a starting number (let’s call it G) and a big number (let’s call it P).
These two numbers are not secret, and anyone can know them.
Now, Alice and Bob each pick their own secret number.
Alice chooses a secret number A, and Bob chooses a secret number B.
They don’t share these numbers with each other or anyone else.
Next, Alice and Bob do some math with their secret numbers:
- Alice calculates: (G^A) % P, and gets a result X. (G raised to the power of A, then the remainder when divided by P)
- Bob calculates: (G^B) % P, and gets a result Y. (G raised to the power of B, then the remainder when divided by P)
Alice sends her result (X) to Bob, and Bob sends his result (Y) to Alice.
Others can see these numbers, but it’s very difficult for anyone to figure out their secret numbers A and B from X and Y.
Now, Alice and Bob do more math with the numbers they received:
- Alice calculates: (Y^A) % P, and gets a result Z.
- Bob calculates: (X^B) % P, and gets a result Z.
The magic of Diffie-Hellman is that the result Z is the same for both Alice and Bob, even though they did different calculations.
This shared result Z becomes their secret number, which nobody else knows.
In this way, Alice and Bob have created a secret number (Z) that only they know, even if someone were listening to their entire conversation.
Easy-to-Grasp Example of a Diffie-Hellman Key Exchange
Let’s go through a simplified example of how two parties could use Diffie-Hellman.
Also, please consider that the below values are deliberately kept small to make this understandable.
In a real-world scenario, these values would be orders of magnitude larger.
Okay, now for our example.
STEP 1: Agree on G and P
Alice and Bob both agree to use the following values for G and P (see above for why these letters were selected):
Starting number, G = 7
*Big number, P = 19
This number would ordinarily be much bigger, but for illustration purposes, let’s keep it small, so the math is easier to understand.
STEP 2: Choose a Secret Number
Alice’s secret number, A = 3
Bob’s secret number, B = 11
STEP 3: Calculate X and Y
Alice sends to Bob the value X, which she calculates using this formula: ( G ^ A ) % P = 1
Bob sends to Alice the value Y, which he calculates using this formula: ( G ^ B ) % P = 11
STEP 4: Calculate Z, the Shared Secret Number/Key
Alice, having received value Y, calculates Z from this formula: ( Y ^ A ) % P = 1
Bob, having received value X, calculates Z from this formula: ( X ^ B ) % P = 1
As you can see, Z is the same for both Alice and Bob, which is now their shared secret number/key.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional