This demonstration shows how two people (Alice and Bob) can
use the Diffie-Hellman key exchange protocol to securely
create a shared secret over an insecure channel. This shared
secret can then be used for encrypted communication.
The process involves two public numbers: a public base (g) and
a public modulus (p), which both people agree upon in the open
(it is fine if other people, including an eavesdropper, know
them), and private numbers chosen separately by Alice (a) and
Bob (b). These private numbers are never shared with anyone:
Bob does NOT know Alice's secret number, and Alice does not
know Bob's. In real life, p and the private numbers are very,
very big (the base g is usually small).
Step 1: Input Values
Use the defaults, or enter your own values for the public base
(g), public modulus (p), and private numbers for Alice (a) and
Bob (b). p MUST be a prime number, and g must lie strictly
between 1 and p-1.
Step 2: Results
After performing the key exchange (button below), the results will show:
Alice's Computed Value (A): This is her
public key derived from her private number. She will share
this with Bob.
Bob's Computed Value (B): This is his
public key derived from his private number. He will share this
with Alice.
Shared Secret: Both Alice and Bob compute
the same shared secret using their own private number and the
other person's public key. This shared secret lets them derive a
symmetric key and begin sending encrypted messages, without the
secret itself ever having crossed the channel where someone could
intercept it. (In practice the raw secret is not used as the key
directly; it is fed through a key derivation function first.)
Step 3: How It Works
Here's what happens behind the scenes:
Alice computes her public key (A): She calculates A = g^a mod p, where g is the public base, p is the public modulus, and a is her private number.
Bob computes his public key (B): He calculates B = g^b mod p, where g is the public base, p is the public modulus, and b is his private number.
Exchange of public keys: Alice and Bob share their computed values (A and B) with each other over an insecure channel.
Shared secret computation:
Alice calculates S = B^a mod p using Bob's public key and her private number.
Bob calculates S = A^b mod p using Alice's public key and his private number.
Mathematically, B^a mod p = (g^b)^a mod p = g^(ab) mod p = (g^a)^b mod p = A^b mod p, so both compute the same shared secret (S) even though neither ever learns the other's private number.
Why This Works
The security of the Diffie-Hellman key exchange relies on the
difficulty of the discrete logarithm problem: given g, p and
A = g^a mod p, recovering a is computationally infeasible for
properly sized parameters. An eavesdropper who sees g, p, A and B
therefore cannot compute the shared secret S.
Note that this protects only against a passive eavesdropper.
Plain Diffie-Hellman does not authenticate either party, so an
active attacker sitting between Alice and Bob can run one
exchange with Alice and a separate one with Bob and relay
traffic between them (a man-in-the-middle). Real protocols such
as TLS or SSH sign or otherwise authenticate the exchanged
values to rule this out.
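The full exchange from Step 3, together with the eavesdropper's view described just above, as an added Python example (this is not the demo page's own code). The toy parameters p = 23, g = 2 and the private numbers 6 and 15 are constructed for the example; the Miller-Rabin primality test, the safe-prime subgroup check, the peer-value check and the SHA-256 key derivation are my additions and stand in for what a real protocol would do with a standardized group and HKDF.

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random witnesses (probabilistic)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:           # write n - 1 as 2^s * d with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)   # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False        # a proves n composite
    return True


def validate_group(p, g):
    """Check the public parameters; return q, the order of the subgroup g generates.

    Enforces the usual safe-prime convention (p = 2q + 1 with q prime, g of
    order q), which is what the standardized groups in RFC 7919 follow.
    """
    if not is_probable_prime(p):
        raise ValueError("p must be prime")
    q = (p - 1) // 2
    if not is_probable_prime(q):
        raise ValueError("p should be a safe prime: p = 2q + 1 with q prime")
    if not 1 < g < p - 1 or pow(g, q, p) != 1:
        raise ValueError("g must generate the subgroup of prime order q")
    return q


def random_private(q):
    """Fresh private exponent in [1, q-1] from the OS CSPRNG."""
    return 1 + secrets.randbelow(q - 1)


def public_value(p, g, private):
    return pow(g, private, p)


def check_peer_value(p, q, y):
    """Reject degenerate (0, 1, p-1) and small-subgroup public values."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


def derive_key(shared, p, context=b"dh-demo"):
    """Turn the shared secret into a fixed-size symmetric key.

    Simplified stand-in for a real KDF (HKDF bound to the protocol transcript).
    """
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(context + shared.to_bytes(length, "big")).digest()


def run_exchange(p, g, a=None, b=None):
    """Run the whole exchange and return what each side computed."""
    q = validate_group(p, g)
    a = random_private(q) if a is None else a
    b = random_private(q) if b is None else b
    A = public_value(p, g, a)      # Alice -> Bob over the insecure channel
    B = public_value(p, g, b)      # Bob -> Alice over the insecure channel
    if not check_peer_value(p, q, B):
        raise ValueError("Alice rejects Bob's public value")
    if not check_peer_value(p, q, A):
        raise ValueError("Bob rejects Alice's public value")
    s_alice = pow(B, a, p)         # B^a = (g^b)^a = g^(ab) mod p
    s_bob = pow(A, b, p)           # A^b = (g^a)^b = g^(ab) mod p
    assert s_alice == s_bob
    return {"A": A, "B": B, "S": s_alice, "key": derive_key(s_alice, p)}


def brute_force_dlog(p, g, A):
    """The eavesdropper's problem: find a with g^a = A (mod p) by trying every a."""
    for x in range(1, p - 1):
        if pow(g, x, p) == A:
            return x
    return None


if __name__ == "__main__":
    # Toy parameters constructed for this example: p = 23 = 2*11 + 1, g = 2 has order 11.
    p, g, a, b = 23, 2, 6, 15
    r = run_exchange(p, g, a, b)
    print(f"A = {r['A']}, B = {r['B']}, shared secret S = {r['S']}")
    print("derived key:", r["key"].hex())
    # Eve sees only p, g, A and B. At this size she recovers a by brute force...
    a_eve = brute_force_dlog(p, g, r["A"])
    print(f"Eve recovers a = {a_eve}, S = {pow(r['B'], a_eve, p)}")
    # ...which is why real p is 2048+ bits: that loop would need on the order of
    # q = 2^2047 steps, and even the best known algorithms remain infeasible.
```

With the toy values the run prints A = 18, B = 16 and S = 4, and Eve's brute-force loop finds a = 6 after six tries; swapping in a 2048-bit safe prime makes the same loop hopeless while the two honest sides still finish in a few modular exponentiations. The peer-value check matters in practice: without it, a malicious party can send 1 or p-1 as its "public value" and force the shared secret into a tiny, guessable set.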
In The Real World
In real-world applications of Diffie-Hellman, the numbers used
are much larger, for security reasons:
Public Base (g):
Typically a small integer, usually 2 (the standardized groups in
RFC 3526 and RFC 7919 all use g = 2); 5 is also seen.
Public Modulus (p):
A large prime number, typically at least 2048 bits
(roughly 617 decimal digits) for secure communication. Rather
than generating their own, most implementations use a
well-known, vetted group such as those in RFC 7919.
Private Keys (a and b):
Random integers generated from a cryptographic random number
generator, significantly smaller than p but still large enough
to be secure: usually at least 256 bits (around 77 decimal
digits), and fresh for every exchange in modern protocols.
Shared Secret:
The result is a number as large as p. It is not used as an
encryption key directly; it is passed through a key derivation
function (such as HKDF) to produce fixed-size symmetric keys.
Modern protocols often perform the same exchange over an
elliptic curve (for example X25519) instead of integers mod p,
which gives equivalent security with much smaller numbers.
FAQ
Why Prime Numbers?
When p is prime, the numbers 1 through p-1 form a cyclic group
under multiplication mod p, so a suitable g generates a large
set of possible public values. In practice p is chosen as a safe
prime (p = 2q + 1 with q also prime) and g is chosen to generate
the subgroup of prime order q; that stops an attacker from
confining the shared secret to a small subgroup by sending a
malformed public value. If p were composite, its factorization
would let an attacker split the discrete logarithm problem into
much smaller, easier pieces.
Why Large Numbers?
The best known algorithms for computing discrete logarithms
mod p grow quickly with the size of p: at 2048 bits the work is
far beyond any attacker's reach, while 512-bit moduli have been
broken in practice (the 2015 Logjam attack) and 1024-bit moduli
are considered within reach of well-resourced adversaries. The
private exponents must also be large and unpredictable, since
an attacker who can guess or enumerate a or b recovers the
shared secret directly from the public values.