DEV Community

Cover image for Diffie–Hellman key exchange

Posted on


Diffie–Hellman key exchange

The Diffie-Hellman key exchange is the first widely used methodology for safely developing associated degreed exchanging keys over an insecure channel.It is used to secure a variety of Internet services.In the research published in October 2015 it is mentioned that the parameters used in many DH internet applications at that time were not strong enough to prevent compromise from attackers.It also includes security services of some countries.

To make it understand more clearly, here is an example which explains why the Diffie-Hellman key exchange is such an important milestone in the world of cryptography, and why it is still frequently used today.

The most common solution to encrypt the message is by using a code. Let us say that suppose you are a bad spy, and you and your community decide to use a weak shift-cipher algorithm to encode the messages. Then in this code, every “a” will be encrypted as “b”, every “b” will be encrypted as “c”, every “c” will be encrypted as “d”, and so on, until we reaches “z” encrypting as an “a”.

Under this shift cipher, the message “Let us get dinner” becomes “Mfu vt hfu ejoofs”. Thankfully, in our theoretical scenario, your opponent is just as incompetent as you are and is unable to crack such a simple code, that prevent them from accessing the contents of the message.

Cryptographic explanation:
The simplest as well as original implementation of the protocol uses the multiplicative group of integers modulo p, where p stands for prime, and g is a primitive root modulo of p. These two values are chosen in such a way that it will ensure the resulting shared secret.We can select any value ranging from 1 to p–1. Let's see an example of the protocol, including non-secret values in blue, and secret values in red.

Alice and Bob are publicly agreed to use a modulus p = 23 and base g = 5 (which is a primitive root modulo of 23).
Suppose Alice chooses a secret integer a = 4, then he sends Bob A = ga mod p
A = 54 mod 23 = 4
Bob chooses a secret integer b = 3, and sends it to Alice B = gb mod p
B = 53 mod 23 = 10
Alice computes s = Ba mod p
s = 104 mod 23 = 18
Bob computes s = Ab mod p
s = 43 mod 23 = 18
Alice and Bob now share a secret (the number 18).
At this point,both Alice and Bob have arrived at the same values

Only a and b are kept secret. All the other values – p, g, ga mod p, and gb mod p – are sent.The strength of the scheme comes from the fact that gab mod p = gba mod p take extremely long times to compute the knowledge of p, g, ga mod p, and gb mod p.After Alice and Bob compute the shared secret they can use it as an encryption key,which will known only to them, for sending messages across the same open communications channel.

Of course, larger values of a, b, and p would be needed if we want to make this example secure, since there are only 23 possible results of n mod 23. However, if p is a prime of at least 600 digits, then even the fastest modern computers cannot find a given only g, p and ga mod p. Such a problem is called the discrete logarithm problem.[3] The computation of ga mod p is known as modular exponentiation and can be done efficiently even for large numbers. Note that g need not be large at all, and in practice is usually a small integer (like 2, 3, ...).

Top comments (0)