Diffie-Hellmann Key Exchange


A and B can agree on a secret key while communicating over a public/insecure network!


Given: A and B want to agree upon a secret colour. Eavesdropper C who is able to intercept their messages.

Assumption: Color seperation is expensive.

C could not come up with P , X and Y from P+X and P+Y as they are almost inseperable. C is unable to make P+X+Y and thus P+X+Y is now the secure private key for A and B.

Diffie-Hellmann Key Exchange

Simple cryptographic use case

A and B publicly agree on a prime number p (say 23). A and B then agree on a generator g (say 5) belonging to {1, ... , p-1}. (More on this below)

This is because (g^a)^b mod p = (g^b)^a mod p

i.e. (g^a mod p)^b mod p = (g^b mod p)^a mod p

Even though C is aware of prime number p, generator G, A's message A1 and B's message B1; C is unable to generate the new secret key as it is computationally intractable to find secret keys from A1 and B1 i.e. It is hard to figure out x in g^x mod p = A1

But is this secure enough?

Discrete Logarithm Problem

Given p , g , g^x mod p , find x. This problem gets really hard for very large prime values of p. Finding the solution in polynomial time is still an unsolved problem in computer science. Thus, the strength of the Diffie-Hellman key exchange is the Discrete Logarithm Problem.

Why generators? What do they generate?


A group is a set with operation under : closure , existence of inverse element , associativity, existence of identity element . For instance, (Z,+) is integer group under addition.

Groups which can be generated by a single element are called cyclic groups. These special elements are called generators.

Example: Consider a dot operation defined as a . b = (a*b) mod n over a simple group G : {1,2,3,4} for n = 5

Also consider the notation that a[i] = ((a . a ). a) ... (i times).

Now, a number g from G will be called a generator if it performs the operation on itself to generate the whole group.

Since, we can generate G from 2 and 3, they are the generators of group (G,dot) .

Generators have a property that g^i mod p generate a group of numbers between 1 to p-1 and that every number is equally likely to be generated. This group is called multiplicative group of integers modulo n. It is defined as a group of integers coprime to n from the set {0,1,...n-1} under multiplication modulo n. (a . b = (a*b) mod n). Since our p is prime, the generated group includes all numbers from 1 to p-1.

This way, the encryption key could take any value between 1 to p-1 equally likely and thus it is harder to guess for larger values of p.

Such cyclic groups modulo p, a large prime number, and a corresponding generator ( primitive root modulo p ) g are used to create secure public key transfer protocol given that discreet logarithm problem is hard to solve.


Impersonation issues. Any information passed to the insecure channel could be intercepted by an impersonator who could act like the actual receiver.


We realise that since we use a large prime p, the encryption key becomes huge as well, as g^ab mod p always lies between 1 to p-1. This proves to be memory extensive.

An interesting area is Elliptic curve cryptography which tends to reduce the encryption key size and provide equivalent security.

Last Updated: 3 April 2020