Diffie-Hellman Key Exchange

Jonas
Captures
Dec 15, 2018

Diffie-Hellman is a way for two people to generate a shared secret such that the secret cannot be recovered by anyone sniffing the communication, the well-known eavesdropping attack in the cyber world.

DH provides an algorithm to combine two secrets into one. Given secret P and secret S, for instance, DH generates a new secret P-S.

Three characteristics are required of the DH algorithm.
</gre_replace_placeholder_never_used>
<gr_replace lines="14-16" cat="clarify" orig="1. Even possessing">
  1. Even possessing secret P and secret P-S, there is no way to retrieve secret S.
  2. Any number of secrets can be combined, and a new secret can always be generated. Given secret P and secret P-S, DH generates secret P-P-S.
  3. The order in which secrets are combined is irrelevant. Secret A-B-C and secret B-A-C are identical.

  1. Even possessing secret P and P-S, no way to retrieve secret S.
  2. Whatever amount of secret keys, always can generate new secret. Given secret P and P-S, DH generates secret P-P-S.
  3. The sequence of secret generation is irrelevant. Given secret A-B-C and secret B-A-C are identical.

The basic idea works like this, and this is the hard problem we will leverage:

Discrete Logarithm Problem
  • Alice shares two prime numbers g and p with Bob.
  • Alice then picks a secret number a, which Alice keeps in her vault and never shares publicly.
  • Instead, Alice calculates g ** a mod p and sends Bob the result, call it A.

If g and p are big prime numbers, no one can recover a even while possessing g, p, and A; this is the discrete logarithm problem. This fulfills the aforementioned characteristic #1.

  • Bob also picks a secret b and sends Alice the result B, calculated as g ** b mod p.
  • The key exchange is now complete: Alice takes the number B and calculates B ** a mod p to get the shared secret.
  • Bob does the same operation on his side, A ** b mod p.

Let’s prove that the last two steps give Alice and Bob the same result, their shared secret, and so that DH does provide a secure way to agree on a secret between two people.

(g ** b mod p) ** a mod p = (g ** b) ** a mod p = g ** (a * b) mod p

(g ** a mod p) ** b mod p = (g ** a) ** b mod p = g ** (a * b) mod p

Both sides arrive at g ** (a * b) mod p. This also fulfills the aforementioned characteristic #3: you get the same result no matter in which order you do the exponentiation.
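Here is the exchange above worked through in Python, as an added example that is not part of the original post. The parameters p = 23, g = 5 and the secrets 6 and 15 are constructed toy values, far too small for real use, chosen so that the brute-force discrete logarithm at the end visibly succeeds and shows why the modulus must be large.

```python
import secrets

def dh_public(g, p, secret):
    """Public value for a secret exponent: g ** secret mod p (fast modular exponentiation)."""
    return pow(g, secret, p)

def dh_shared(peer_public, secret, p):
    """Shared secret from the peer's public value and one's own secret exponent."""
    return pow(peer_public, secret, p)

def dh_exchange(g, p, a, b):
    """Run the exchange with Alice's secret a and Bob's secret b.
    Returns (A, B, Alice's key, Bob's key); only g, p, A and B cross the wire."""
    A = dh_public(g, p, a)          # Alice -> Bob
    B = dh_public(g, p, b)          # Bob -> Alice
    return A, B, dh_shared(B, a, p), dh_shared(A, b, p)

def chain_secret(g, p, exponents):
    """Apply several secret exponents in the given order (characteristics #2 and #3):
    any order yields g ** (product of exponents) mod p."""
    value = g
    for e in exponents:
        value = pow(value, e, p)
    return value

def random_secret(p):
    """Private exponent in [2, p-2], drawn from a CSPRNG rather than random.randint."""
    return secrets.randbelow(p - 3) + 2

def discrete_log_bruteforce(g, p, target):
    """Recover a from A = g ** a mod p by trying every exponent (characteristic #1 fails
    only because p is tiny; the search is infeasible for a real-sized prime)."""
    for a in range(p):
        if pow(g, a, p) == target:
            return a
    return None

# Constructed toy parameters (not from the original post); far too small for real use.
P, G = 23, 5

if __name__ == "__main__":
    A, B, k_alice, k_bob = dh_exchange(G, P, a=6, b=15)
    print(f"A={A} B={B} Alice={k_alice} Bob={k_bob}")   # A=8 B=19 Alice=2 Bob=2
    print(chain_secret(G, P, [6, 15, 3]) == chain_secret(G, P, [15, 6, 3]))  # True
    print(discrete_log_bruteforce(G, P, A))  # 6: the toy modulus leaks Alice's secret
```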
