Diffie-Hellman Key Exchange:

It is a protocol that enables two users to establish a secret key using a public-key scheme based on
discrete logarithms. The protocol is secure only if the authenticity of the two participants can be
established.
Primitive Root:
A primitive root of a prime number p as one whose powers modulo generate all the integers from 1 to
p-1. That is, if a is a primitive root of the prime number p, then the numbers

are distinct and consist of the integers from 1 through p - 1 in some permutation.
For any integer b and a primitive root a of prime number p, we can find a unique exponent i such that

The exponent i is referred to as the discrete logarithm of b for the base a, mod p.

Diffie-Hellman Key Exchange Algorithm:

For this scheme, there are two publicly known numbers: a prime number q and an integer α that is a
primitive root of q. Suppose the users A and B wish to exchange a key K. User A selects a random integer
XA < q and computes YA. Similarly, user B independently selects a random integer XB < q and computes YB.
Each side keeps the X value private and makes the Y value available publicly to the other side. The whole
algorithm can be summarized as follows:

1
Diffie-Hellman Key Exchange Algorithm
2
Diffie-Hellman Key Exchange Example:
Key exchange is based on the use of the prime number q=353 and a primitive root of 353, in this case α=3.
A and B select secret keys XA=97, XB=233 respectively. Each computes its public key:

After they exchange public keys, each can compute the common secret key:

Attacker Example:
We assume an attacker would have available the following information:

In this simple example, it would be possible by brute force to determine the secret key 160. In particular,
an attacker E can determine the common key by discovering a solution to the equation 3a mod 353=40 or
the equation xb mod 353=248. The brute-force approach is to calculate powers of 3 modulo 353, stopping
when the result equals either 40 or 248. The desired answer is reached with the exponent value of 97,
which provides 397 mod 353 = 40.
With larger numbers, the problem becomes impractical.

3
Key Exchange Protocol Scenario using Diffie-Hellman:

4
Man-in-the-Middle Attack:
The protocol depicted in in the previous figure is insecure against a man-in-the-middle attack. Suppose
Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as follows.

At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key
K1 and Alice and Darth share secret key K2. All future communication between Bob and Alice is
compromised in the following way.

5
The key exchange protocol is vulnerable to such an attack because it does not authenticate the
participants. This vulnerability can be overcome with the use of digital signatures and public-key
certificates.