The Key Distribution Problem
Before 1976, secure communication required a shared secret key — but how do you share a secret securely without already having a secure channel? This chicken-and-egg problem plagued cryptography for centuries. Governments used diplomatic pouches; militaries used trusted couriers. For the nascent internet, these methods were impossible. Whitfield Diffie and Martin Hellman's breakthrough was showing that two strangers could agree on a shared secret over a completely public channel, in full view of eavesdroppers, and the eavesdroppers could not determine the secret.
How the Exchange Works
Alice and Bob publicly agree on a prime p and a generator g. Alice picks a secret number a and computes A = g^a mod p, sending A publicly. Bob picks a secret b and computes B = g^b mod p, sending B publicly. Alice then computes S = B^a mod p. Bob computes S = A^b mod p. Remarkably, both get the same value: g^(ab) mod p. An eavesdropper who sees g, p, A, and B cannot efficiently compute g^(ab) mod p without knowing either a or b — this is the Discrete Logarithm Problem, believed to be computationally intractable for large primes.
The Discrete Logarithm Problem
Given g^a mod p, finding a is called the discrete logarithm. For small numbers (as in this simulation), you can try all possibilities. But for a 2048-bit prime p, the number of possibilities is approximately 2^2048 — more than the number of atoms in the observable universe multiplied by itself several times. The best known classical algorithms (Number Field Sieve for Discrete Logarithm) are sub-exponential but still infeasible at this scale. This mathematical asymmetry — easy to compute, hard to reverse — is the foundation of Diffie-Hellman security.
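A toy version of the exchange described above, together with the brute-force discrete-log search that is only feasible at this size, as an added example that is not part of the original page; the parameters p = 23 and g = 5, the secrets 6 and 15, and the function names are constructed for illustration.

```python
# Added example (not from the original page): Diffie-Hellman over a tiny
# constructed group, plus the exhaustive discrete-log search an eavesdropper
# can afford only when p is this small.
import secrets

P = 23   # constructed toy prime; real deployments use 2048-bit or larger
G = 5    # generator of the full multiplicative group mod 23 (order 22)

def keypair(p=P, g=G, secret=None):
    """Return (secret exponent, public value g^secret mod p)."""
    if secret is not None:
        return secret, pow(g, secret, p)
    while True:
        secret = secrets.randbelow(p - 2) + 1        # 1 <= secret <= p-2
        public = pow(g, secret, p)
        if 1 < public < p - 1:                       # skip trivial outputs
            return secret, public

def shared_secret(their_public, my_secret, p=P):
    """S = their_public^my_secret mod p, rejecting degenerate public values."""
    if not 1 < their_public < p - 1:   # 0, 1 and p-1 force a predictable S
        raise ValueError("invalid public value")
    return pow(their_public, my_secret, p)

def exchange(a, b, p=P, g=G):
    """Run both sides with fixed secrets; return (A, B, S_alice, S_bob)."""
    _, A = keypair(p, g, a)
    _, B = keypair(p, g, b)
    return A, B, shared_secret(B, a, p), shared_secret(A, b, p)

def discrete_log(h, g=G, p=P):
    """Brute force: smallest x with g^x == h (mod p). Infeasible for large p."""
    for x in range(p - 1):
        if pow(g, x, p) == h:
            return x
    return None

def eavesdrop(A, B, p=P, g=G):
    """What an observer of (g, p, A, B) can do at toy size: solve for a, then B^a."""
    a = discrete_log(A, g, p)
    return None if a is None else pow(B, a, p)

if __name__ == "__main__":
    A, B, s_alice, s_bob = exchange(6, 15)
    print(f"A={A} B={B} shared={s_alice}=={s_bob} eve={eavesdrop(A, B)}")
```

With p = 23 the observer recovers the secret instantly; the same loop over a 2048-bit p is what the Discrete Logarithm Problem makes hopeless.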
Modern Usage and Forward Secrecy
Every time you see the padlock icon in your browser, Diffie-Hellman (or its elliptic-curve variant, ECDH) is at work. Modern TLS uses ephemeral Diffie-Hellman (DHE or ECDHE), in which fresh random exponents are generated for each session. This provides forward secrecy: even if a server's long-term private key is later compromised, past session keys cannot be recovered from recorded traffic. In 1997 GCHQ declassified documents revealing that James Ellis and Clifford Cocks had independently discovered public-key cryptography at British intelligence in 1969, seven years before Diffie-Hellman's publication.