
8/21/2016

cryptography - "Diffie-Hellman Key Exchange" in plain English - Information Security Stack Exchange

Diffie-Hellman Key Exchange in plain English

Can someone explain to me what Diffie-Hellman Key Exchange is in plain English? I have read in a non-tech news page that Twitter has just implemented this technology which allows two persons to exchange encrypted messages on top of a non-secured channel. How is that (if this is true)?

Tags: cryptography, key-exchange, diffie-hellman, asymmetric


edited Mar 19 at 20:03 - Elias Zamaria 107
asked Nov 24 '13 at 1:10 - user15119

11 Wikipedia has a pictorial explanation. - Ramchandra Apte Nov 24 '13 at 15:17
2 YouTube has a (nice and easy) video explanation :) - TheRookierLearner Nov 26 '13 at 4:35
This has already been answered in significant detail on this site somewhere. I'll look for a link... - KnightOfNi Jun 9 '14 at 15:40

6 Answers

Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.

This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible. This is where perfect forward secrecy comes from. Nobody analyzing the traffic at a later date can break in because the key was never saved, never transmitted, and never made visible anywhere.

The way it works is reasonably simple. A lot of the math is the same as you see in public key crypto in that a trapdoor function is used. And while the discrete logarithm problem is traditionally used (the x^y mod p business), the general process can be modified to use elliptic curve cryptography as well.

But even though it uses the same underlying principles as public key cryptography, this is not asymmetric cryptography because nothing is ever encrypted or decrypted during the exchange. It is, however, an essential building block, and was in fact the base upon which asymmetric crypto was later built.

The basic idea works like this:
1. I come up with two prime numbers g and p and tell you what they are.
2. You then pick a secret number (a), but you don't tell anyone. Instead you compute g^a mod p and send that result back to me. (We'll call that A since it came from a).
3. I do the same thing, but we'll call my secret number b and the computed number B. So I compute g^b mod p and send you the result (called "B").
4. Now, you take the number I sent you and do the exact same operation with it. So that's B^a mod p.
5. I do the same operation with the result you sent me, so: A^b mod p.

http://security.stackexchange.com/questions/45963/diffiehellmankeyexchangeinplainenglish

The "magic" here is that the answer I get at step 5 is the same number you got at step 4. Now it's not really magic, it's just math, and it comes down to a fancy property of modulo exponents. Specifically:

(g^a mod p)^b mod p = g^(ab) mod p
(g^b mod p)^a mod p = g^(ba) mod p

Which, if you examine closer, means that you'll get the same answer no matter which order you do the exponentiation in. So I do it in one order, and you do it in the other. I never know what secret number you used to get to the result and you never know what number I used, but we still arrive at the same result.

That result, that number we both stumbled upon in step 4 and 5, is our shared secret key. We can use that as our password for AES or Blowfish, or any other algorithm that uses shared secrets. And we can be certain that nobody else, nobody but us, knows that key that we created together.
edited Nov 25 '13 at 17:23
answered Nov 24 '13 at 7:28 - tylerl 58.2k 19 109 186

6 DH is public key/asymmetric crypto but not encryption. - CodesInChaos Nov 24 '13 at 12:15
8 I think it's worth mentioning that the reason this is secure is that, unlike normal log(x), the modular log(x) is thought to be hard to compute. Otherwise we could just do log_g(A) and log_g(B) to get a and b. - BlueRaja - Danny Pflughoeft Nov 24 '13 at 19:25
7 I think you might also want to add that g is not just any prime but a generator (or a primitive root) of p - TheRookierLearner Nov 26 '13 at 4:40
8 @TheRookierLearner this answer is a simplified explanation of DH - there are quite a few important details omitted for simplicity. This shouldn't be considered an implementation tutorial. - tylerl Nov 26 '13 at 5:57
But assuming this is an insecure network, can't I just find the root of 'A' and therefore 'a'. And voila! Sorry for my amateur question but I have to learn :p - Mero55 May 25 at 12:41

The other answers do an excellent job explaining the maths behind the key exchange. If you'd like a more pictorial representation, nothing beats the excellent paint analogy shown on the Diffie-Hellman key exchange Wikipedia entry:


Image is in the public domain

answered Jun 9 '14 at 14:30 - Duncan 681

This image is great at explaining what it does. My only problem was "If the attacker knows the common paint and he knows the end mixtures, why can't he figure out the original color?". The answer is of course that it's not the color he needs to know, but the actual original mixture, and as you mentioned, the mixture separation is expensive. The actual mathematics that allows for this would be great to know in brief detail as well. - ffledgling Jul 29 at 13:49

Diffie-Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES.

The algorithm in itself is very simple. Let's assume that Alice wants to establish a shared secret with Bob.
1. Alice and Bob agree on a prime number, p, and a base, g, in advance. For our example, let's assume that p=23 and g=5.
2. Alice chooses a secret integer a whose value is 6 and computes A = g^a mod p. In this example, A has the value of 8.
3. Bob chooses a secret integer b whose value is 15 and computes B = g^b mod p. In this example, B has the value of 19.
4. Alice sends A to Bob and Bob sends B to Alice.
5. To obtain the shared secret, Alice computes s = B^a mod p. In this example, Alice obtains the value of s=2.
6. To obtain the shared secret, Bob computes s = A^b mod p. In this example, Bob obtains the value of s=2.

The algorithm is secure because the values of a and b, which are required to derive s, are not transmitted across the wire at all.

answered Nov 24 '13 at 2:35 - Terry Chia 31.7k 10 82 155

5 It's nice, but you could've also quoted that it's from Wikipedia. - Waffle's Crazy Peanut May 4 '15 at 2:50
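The exchange in the answer above, run with its own numbers (p = 23, g = 5, a = 6, b = 15), as an added Python example that is not part of the original answers; the function names are made up for illustration. It also checks the generator condition and shows why a logarithm only recovers the secret at toy sizes, two points raised in the comments earlier on the page.

```python
import math

P, G = 23, 5                  # public toy parameters from the answer above
A_SECRET, B_SECRET = 6, 15    # Alice's a and Bob's b; never sent

def prime_factors(n):
    """Distinct prime factors by trial division (adequate for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g, p):
    """True if powers of g reach every value 1..p-1 modulo the prime p."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def exchange(g, p, a, b):
    """Return (A, B, s computed by Alice, s computed by Bob)."""
    A = pow(g, a, p)   # sent Alice -> Bob, visible to any observer
    B = pow(g, b, p)   # sent Bob -> Alice, visible to any observer
    return A, B, pow(B, a, p), pow(A, b, p)

def ordinary_log_guess(g, value):
    """Real-number logarithm; the wrap-around of mod p makes it meaningless."""
    return round(math.log(value, g))

def exhaustive_dlog(g, target, p):
    """Find x with g^x mod p == target by trying x = 1, 2, ... (up to p-1 steps)."""
    value = 1
    for x in range(1, p):
        value = value * g % p
        if value == target:
            return x
    raise ValueError("target is not a power of g modulo p")

if __name__ == "__main__":
    A, B, s_alice, s_bob = exchange(G, P, A_SECRET, B_SECRET)
    print("A =", A, "B =", B, "shared:", s_alice, s_bob)
    print("g=5 primitive root:", is_primitive_root(5, P), "| g=2:", is_primitive_root(2, P))
    print("log_5(8) over the reals rounds to", ordinary_log_guess(G, A))
    # Feasible only because p - 1 = 22; the loop length grows with p.
    print("exhaustive search finds a =", exhaustive_dlog(G, A, P))
```

The search succeeds here only because p - 1 = 22; the security claim on this page depends on p being large enough that no such search is feasible.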

If you want a simpler plain English explanation of DH that can be readily understood by even non-technical people, there is the double locked box analogy.
1. Alice puts a secret in a box and locks it with a padlock that she has the only key to open. She then ships the box to Bob.
2. Bob receives the box, puts a second padlock that only he has the key to on it, and ships it back to Alice.
3. Alice removes her lock and ships the box to Bob a second time.
4. Bob removes his lock, opens the box, and has access to the secret that Alice sent him.

Since the box has always had at least one lock on while in transit, Eve never has the opportunity to see what's inside and steal the secret: In this case a cryptographic key that will be used for encrypting the remainder of Alice and Bob's communications.
answered Nov 24 '13 at 15:41 - Dan Neely 892 14

1 Now this is what I call a plain English explanation. love you man. - user15119 Nov 24 '13 at 16:31
25 While plain English, this doesn't describe Diffie-Hellman. It describes the Three-pass protocol which has significantly different properties from DH. For example it requires three passes, whereas DH only requires a single pass. - CodesInChaos Nov 24 '13 at 18:21

The key exchange problem
A secure connection requires the exchange of keys. But the keys themselves would need to be transferred on a secure connection.


There are two possible solutions:
1. Exchange the key by physically meeting and sharing the keys.
2. Somehow establish a shared secret on a public unsecure channel. This is easier said than done, and the first such implementation of this is the Diffie-Hellman Scheme.

Properties
Diffie-Hellman makes use of a mathematical function with the following properties:
1. It is EASY to compute f[x] (from x)
2. It is HARD to invert f[x] to get x
3. It is EASY to calculate S from A and f[B]
4. It is EASY to calculate S from B and f[A]
5. It is HARD to calculate S without either A or B (even with f[A] and f[B])

How DH scheme works
1. Alice comes out with a random number A. She computes f[A], and sends f[A] to Bob. Alice never discloses her A, not even to Bob.
2. Bob comes out with another random number B. He computes f[B], and sends f[B] to Alice. Bob never discloses his B, not even to Alice.
3. Alice computes S using A and f[B]. Bob computes S using B and f[A].
4. Mallory, who is eavesdropping, has only f[A] and f[B], and so it is HARD for her to calculate S.
5. Alice and Bob now share a common secret which can be used as (or to come up with) a key to establish a secure connection.

Side note:
The Diffie-Hellman Scheme does not provide authentication of any kind. It only allows 2 anonymous parties to share a common secret. But for all Alice knows, she could be shaking hands with the devil (instead of Bob). This is why we need at least one party to be authenticated.

For example: SSL (https), the webserver is authenticated using PKI (Public Key Infrastructure), and then a secure connection is established (DH) between the website and the client. Since the website has been authenticated, the client can trust the website, but the website cannot trust the client. It is now safe for the client to provide his own authentication details on the webpage.
edited Mar 13 at 5:10
answered Dec 15 '15 at 23:54 - aiao 144
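The side note's point in runnable form, as an added Python example that is not part of the original answer: when public values can be replaced in transit both sides still complete the exchange, and only a comparison made over a path the channel cannot alter reveals it. The channel functions, the fingerprint helper and the value m = 3 are constructed for illustration; p = 23, g = 5, a = 6 and b = 15 are the toy values from the earlier answer.

```python
import hashlib

P, G = 23, 5   # toy group from the earlier answer; illustration only

def transcript_fingerprint(alice_pub, bob_pub, secret):
    """Short hash of what one side believes was exchanged, plus its derived secret."""
    data = f"{alice_pub}|{bob_pub}|{secret}".encode()
    return hashlib.sha256(data).hexdigest()[:16]

def honest_channel(value):
    """Delivers exactly what was sent."""
    return value

def substituting_channel(value, m=3):
    """Models a party in the middle replacing each public value with g^m mod p."""
    return pow(G, m, P)

def run_exchange(a, b, deliver):
    """Run one exchange; `deliver` decides what actually arrives at the other end."""
    A, B = pow(G, a, P), pow(G, b, P)
    A_seen_by_bob = deliver(A)
    B_seen_by_alice = deliver(B)
    s_alice = pow(B_seen_by_alice, a, P)
    s_bob = pow(A_seen_by_bob, b, P)
    return {
        "alice": (s_alice, transcript_fingerprint(A, B_seen_by_alice, s_alice)),
        "bob": (s_bob, transcript_fingerprint(A_seen_by_bob, B, s_bob)),
    }

def fingerprints_match(result):
    # Assumption: the two fingerprints are compared over an authenticated path
    # (in TLS this role is played by the certificate-backed signature).
    return result["alice"][1] == result["bob"][1]

if __name__ == "__main__":
    for name, channel in (("honest", honest_channel), ("substituted", substituting_channel)):
        result = run_exchange(6, 15, channel)
        print(name, "secrets:", result["alice"][0], result["bob"][0],
              "match:", fingerprints_match(result))
```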

Diffie-Hellman is a mathematical algorithm to exchange a shared secret between two parties. This shared secret can be used to encrypt messages between these two parties. Note that Diffie-Hellman does not provide authentication between these two parties.
answered Nov 24 '13 at 1:20 - Lucas Kauffman 43.1k 85 157

It lacks explanation, I wish you could explain a little bit more... - user15119 Nov 24 '13 at 2:11
4 You wanted an English explanation without math. - Lucas Kauffman Nov 24 '13 at 8:56
In the case of an HTTPS connection, authentication is handled by the SSL certificate framework. You can be certain (as you can be) that you are communicating with the intended parties through verification and trust. The handshake/negotiation of an SSL connection is expensive in terms of overhead. The DH algorithm allows both parties to securely negotiate a symmetric key for encryption/decryption which is much more efficient. - k1DBLITZ Nov 25 '14 at 15:53
