The Diffie-Hellman key exchange algorithm is the backbone of most of the internet sites and apps that we use. It is a fairly simple algorithm, yet its simplicity and ease of use (most of us don’t even realize it is being used) are what make our communications secure. The Diffie-Hellman key exchange allows two parties (people, sites, apps) to create and share a secret key with each other that is then used to encrypt their communication traffic. The beauty of this algorithm is that the secret key is agreed upon in the open: even if the communication is being observed by a third party, there is no way to see the secret key during or after the key exchange. In addition, because it is so easy to implement, this algorithm can be applied not only to the complete conversation but to every text or packet that is sent over the network. This means that if by some chance the secret key were cracked by a supercomputer, only a single packet or text could be read, and the next message would have a completely different key; this is known as perfect forward secrecy.
For an “Explain It Like I Am Five” version, the secret lock box example may be used. Consider that Alice and Bob want to send a secret message to each other but live far apart.
- Alice puts a secret in a box and locks it with her own personal lock.
- Alice sends the box to Bob.
- Bob receives the box and although he can’t open it yet, he adds his own personal lock on the box.
- Bob sends the box back to Alice.
- Alice receives the box and removes her personal lock from the box, leaving only Bob’s lock.
- Alice sends the locked box back to Bob.
- Bob receives the box and now can open the box containing the secret because only his lock is on the box.
During this whole exchange the box could not be opened by a third party because it always had at least one lock on it. If Alice and Bob wanted to be even more secure, they could change out their own locks with each message sent, limiting any compromised secret to a single message. In this example the Diffie-Hellman key exchange is the process by which the secret was transported, not the actual secret.
This is a great visual representation of how modern online key exchanges work. All credit goes to the Computerphile channel on YouTube.
For the math:
Alice’s public value (sent to Bob): $A = g^a \pmod p$
Bob’s public value (sent to Alice): $B = g^b \pmod p$
Alice’s shared key: $B^a \pmod p = (g^b)^a \pmod p$
Bob’s shared key: $A^b \pmod p = (g^a)^b \pmod p$
Both sides end up with $g^{ab} \pmod p$, while only $A$ and $B$ ever cross the network.
p and g are the two agreed-upon public numbers (both prime in the example below). Note: these numbers are not secret. p is a large prime, usually 512 bits, and g is a primitive root modulo p.
a = Alice’s secret number (private key)
b = Bob’s secret number (private key)
Below I wrote a simple Python script that can be tweaked to see how the Diffie-Hellman key exchange works. Here are the output results.

```python
## diffie hellman python 3 example ##

## declare variables
## The 2 prime numbers agreed upon for the exchange (can be changed)
p = 23  ## Prime
g = 5   ## primitive root modulo p (base)

## Secret keys of Bob and Alice (can be changed)
b = 3  ## Bob's secret key
a = 4  ## Alice's secret key

## Computed protocol values that are sent over the network
Bob = (g ** b) % p    ## Computed result of Bob that he shares
Alice = (g ** a) % p  ## Computed result of Alice that she shares

## Computed shared secret
BobsSharedSecret = (Alice ** b) % p    ## Computed shared secret key for Bob
AlicesSharedSecret = (Bob ** a) % p    ## Computed shared secret key for Alice

# Print prime number values
print("The 2 prime numbers agreed upon for securely exchanging cryptographic keys.")
print("Publicly Shared Prime: ", p)
print("Public Primitive Root Modulo: ", g)

# Bob sends Alice his computed results
print("Diffie-Hellman protocol used (Public Primitive Root)^(Individual secret integer) MOD (Prime)")
print("Bob sends his computed results of (g^b MOD p) over a public network: ", Bob)
print("Alice sends her computed results of (g^a MOD p) over a public network: ", Alice)
print("Calculating Shared Secret..................................")

if BobsSharedSecret == AlicesSharedSecret:
    print("Secret exchange was successful")
    print("Bobs shared secret key =: ", BobsSharedSecret)
    print("Alices shared secret key =: ", AlicesSharedSecret)
else:
    print("Secret exchange has failed")  ## this is more to check that the math checks out
```
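The script above and the formulas in the math section use a toy group, compute the exponent with `**`, and use the raw shared number as the key. The following is an added example, not part of the post, that carries the same exchange through the way a practitioner would: `pow(g, x, p)` for modular exponentiation, a fresh (ephemeral) secret for every message so that the per-message keys described in the introduction actually differ, a check that rejects the public values 0, 1 and p-1 (which force a trivial shared secret), and a hash of the shared number plus the public transcript as the real key. The parameters are constructed for this example (p is the Mersenne prime 2^127 - 1 and g = 3; the order of 3 modulo this prime is not verified here, and real deployments use a standardized group of at least 2048 bits), and every function name is my own. The `forward_secrecy_demo` function shows what the post means by perfect forward secrecy: a leaked private exponent from one exchange recovers that one key and nothing else.

```python
import hashlib
import secrets

# Constructed parameters for this example (not from the post).
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1
G = 3                # base; its order mod P is not verified here


def keypair(p=P, g=G):
    """Fresh ephemeral private exponent x and public value g^x mod p.
    Retries until the public value is one a peer would accept."""
    while True:
        x = secrets.randbelow(p - 3) + 2          # x in [2, p-2]
        y = pow(x_base := g, x, p)                # modular exponentiation; g ** x would never finish
        if 1 < y < p - 1:
            return x, y


def check_public(value, p=P):
    """Reject public values that force a trivial shared secret (0, 1, p-1) or are out of range."""
    if not 1 < value < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return value


def shared_secret(their_public, my_private, p=P):
    """Alice computes B^a mod p, Bob computes A^b mod p; both equal g^(ab) mod p."""
    return pow(check_public(their_public, p), my_private, p)


def transcript_of(view):
    """Everything that crossed the wire, in a fixed encoding, so both sides hash the same bytes."""
    return "p={p}|g={g}|A={A}|B={B}".format(**view).encode()


def derive_key(secret, transcript, p=P):
    """Hash the raw shared number together with the public transcript into a 32-byte key.
    The raw number is never used directly as an encryption key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(transcript + secret.to_bytes(width, "big")).digest()


def exchange(p=P, g=G):
    """One complete ephemeral exchange. Returns the eavesdropper's view (p, g, A, B only),
    Alice's private exponent (returned only so forward_secrecy_demo can 'leak' it),
    and the key each side derived."""
    a, A = keypair(p, g)
    b, B = keypair(p, g)
    view = {"p": p, "g": g, "A": A, "B": B}
    transcript = transcript_of(view)
    k_alice = derive_key(shared_secret(B, a, p), transcript, p)
    k_bob = derive_key(shared_secret(A, b, p), transcript, p)
    return view, a, k_alice, k_bob


def key_from_leaked_private(view, leaked_a):
    """What a recorded transcript plus one leaked private exponent yields."""
    return derive_key(shared_secret(view["B"], leaked_a, view["p"]),
                      transcript_of(view), view["p"])


def forward_secrecy_demo(p=P, g=G):
    """Two messages, two ephemeral exchanges. Leaking message 1's private exponent
    recovers key 1 only; applied to message 2's transcript it yields the wrong key."""
    view1, a1, k1, _ = exchange(p, g)
    view2, _, k2, _ = exchange(p, g)
    return {
        "keys_differ": k1 != k2,
        "leak_recovers_key1": key_from_leaked_private(view1, a1) == k1,
        "leak_recovers_key2": key_from_leaked_private(view2, a1) == k2,
    }


if __name__ == "__main__":
    view, _, k_alice, k_bob = exchange()
    print("On the wire:", {k: hex(v) if k in ("A", "B") else v for k, v in view.items()})
    print("Keys agree:", k_alice == k_bob, "key =", k_alice.hex())
    print("Forward secrecy:", forward_secrecy_demo())
```

Running it prints only p, g, A and B as the on-the-wire view; the private exponents a and b never leave their owner, and `forward_secrecy_demo` reports `keys_differ` and `leak_recovers_key1` as True and `leak_recovers_key2` as False. The same functions work with the post's toy group by calling `exchange(23, 5)`, though with only 22 possible shared values the per-message keys will repeat there.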