Introduction: The Diffie-Hellman key exchange algorithm is a method for securely establishing cryptographic keys, used for encryption and decryption, over a public communications channel. The keys themselves are never transmitted; each party jointly derives the same shared key. It is named after its inventors, Whitfield Diffie and Martin Hellman.
Working Principle: The Diffie-Hellman key exchange works like mixing colors by exchanging key colors.
Let’s say we have two users, Alice and Bob.
- They both agree on a random color that is known (public) to everyone (i.e. yellow).
- They each select a private color for themselves (red and sea-green).
- Before sharing a color, both mix their private color with the public color.
- Both exchange the resulting mixed colors with each other.
- For identity verification, both mix their private color into the new color they received from the other.
- After mixing in the private color, both end up with the identical final color, which shows that the exchange was successful, i.e. they have securely established the shared key.
- If an attacker intercepts the exchanged colors, it is difficult to determine the secret color.
Actual Working:
Diffie Hellman uses two numbers:
1) A large prime number (p)
2) A primitive root of that prime number (q)
The prime number (p) and the primitive root (q) are known to everyone, i.e. they are public keys rather than secrets.
Now the sender (Alice) and the receiver (Bob) have to select a private key for transmission.
Let Alice select private key as 'r' and Bob select its private key as 's'.
Similar to color mixing, Alice and Bob use the below equation to mix their secret keys into public keys:
X = q^r mod p
Y = q^s mod p
Now, values of X and Y are exchanged between them.
The sender (Alice) computes A = Y^r mod p and the receiver (Bob) computes B = X^s mod p.
Let's take an example for a better understanding.
Let p = 23 and q = 5 (primitive root of 23)
Alice chooses r = 2 and Bob selects s = 3
Therefore,
X = 5^2 mod 23
X = 25 mod 23
X = 2
Y = 5^3 mod 23
Y = 125 mod 23
Y = 10
Now Alice computes:
A = 10^2 mod 23
A = 100 mod 23
A = 8
And Bob calculates:
B = 2^3 mod 23
B = 8 mod 23
B = 8
From the above computation, we get A = B, which shows that they have securely exchanged the keys.
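The exchange above, carried out in code as an added example that is not part of the original post. It uses only Python's built-in pow(), keeps the post's names (p, q, r, s, X, Y, A, B) and toy values, and goes slightly beyond the text in two ways: it checks that q really is a primitive root of p before running, and it shows what an eavesdropper who sees only p, q, X and Y would have to compute, which for p = 23 is trivial and is why real deployments use standardised primes of 2048 bits or more. The function names and the dict layout are my own choices, not the post's.

```python
# Added example (not from the original post): Diffie-Hellman with the post's
# toy parameters p = 23, q = 5, r = 2, s = 3.  Only the standard library is used.

def is_primitive_root(q: int, p: int) -> bool:
    """True if q generates the whole multiplicative group mod prime p,
    i.e. q^1 .. q^(p-1) mod p hit every value 1 .. p-1 exactly once.
    Adequate for toy primes; real systems use standardised, vetted groups."""
    return len({pow(q, k, p) for k in range(1, p)}) == p - 1


def public_value(q: int, private: int, p: int) -> int:
    """Mix the private exponent into the public base: q^private mod p."""
    return pow(q, private, p)


def shared_secret(received: int, private: int, p: int) -> int:
    """Raise the other party's public value to our own private exponent."""
    return pow(received, private, p)


def diffie_hellman(p: int, q: int, r: int, s: int) -> dict:
    """Run the full exchange and return every value each side ends up with.
    r is Alice's private key, s is Bob's (constructed toy inputs)."""
    if not is_primitive_root(q, p):
        raise ValueError(f"{q} is not a primitive root of {p}")
    X = public_value(q, r, p)    # Alice sends X to Bob
    Y = public_value(q, s, p)    # Bob sends Y to Alice
    A = shared_secret(Y, r, p)   # Alice: Y^r mod p
    B = shared_secret(X, s, p)   # Bob:   X^s mod p
    assert A == B                # both sides derive the same key
    return {"X": X, "Y": Y, "A": A, "B": B}


def brute_force_private_key(q: int, public: int, p: int) -> int:
    """The discrete-logarithm problem an eavesdropper faces: find k with
    q^k = public (mod p).  Trial exponentiation is instant for p = 23 and
    infeasible for the 2048-bit primes used in practice; that gap is the
    entire security argument."""
    for k in range(1, p):
        if pow(q, k, p) == public:
            return k
    raise ValueError("no solution")


if __name__ == "__main__":
    result = diffie_hellman(p=23, q=5, r=2, s=3)
    print(result)   # {'X': 2, 'Y': 10, 'A': 8, 'B': 8}
    # With a 23-element group the public value leaks the private key immediately.
    print(brute_force_private_key(5, result["X"], 23))   # 2
```

Running the block reproduces X = 2, Y = 10 and A = B = 8 from the worked example. The primitive-root check matters because a q that generates only a small subgroup shrinks the space an eavesdropper has to search, which is why protocol implementations validate received public values against the group rather than trusting them.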
Limitations: The most serious limitation of Diffie-Hellman in its basic or "pure" form is the absence of authentication. Communications protected by Diffie-Hellman alone are vulnerable to man-in-the-middle attacks, whatever cipher is used afterwards. Ideally, Diffie-Hellman should be used in conjunction with an accepted authentication method, such as digital signatures, to verify the identities of the parties communicating over the public medium. Diffie-Hellman is well suited to protecting data in transit but is less often used for data stored or archived over long periods.