Diffie-Hellman key agreement


Diffie-Hellman key agreement allows two principals (people) to agree upon a shared key without authentication.



We have a public, large, secure prime $p$ and a generator $g \in Z^*_p$.

Key Exchange

The following calculations all take place $\mod p$

  1. We have principals $A$ and $B$
  2. The principals choose keys
    1. $A$ selects a random integer $x$ such that $1 \leq x \lt p-1$
    2. $B$ selects $y$ similarly
  3. The principals send their keys
    • $A \overset{g^x}{\rightarrow} B$
    • $B \overset{g^y}{\rightarrow} A$
  4. The principals calculate the same key together
    • $A$ receives $m =g^y$ from $B$ and calculates $m^x = (g^y)^x = g^{xy}$
    • $B$ receives $n = g^x$ and calculates $g^{xy}$ similarly
  5. Both principals now know $g^{xy}$ in such a way that a passive attacker cannot find it, presuming DHP to be intractable.


Diffie-Hellman is vulnerable to a man in the middle attack in which an eavesdropper $E$ intercepts each communication and sets up their own key agreement with each principal. $E$ can then decrypt all messages from each principal and re-encrypt them for the other, potentially changing the message.

Back to Computer Security