4.4 Diffie-Hellman Key Exchange Algorithm
4.4 Diffie-Hellman Key Exchange Algorithm
4 Diffie-Hellman key
exchange Algorithm
-Mohd Janisar
• Diffie Hellman (DH) key exchange algorithm is a method
for securely exchanging cryptographic keys over a public
communication channel.
• Keys are not actually exchanged – they are jointly derived.
• It is named after their inventors Whitfield Diffie and Martin
Hellman.
• It is not encryption algorithm, but used to exchange keys
between 2 users.
• For this, we can use asymmetric encryption to exchange
the secrete key.
Lets consider the standard example of Alice and Bob
• When sender and receiver are at far distance, lets say Alice in USA and
Bob in India.
• They are sending data in an encrypted form with private key just for
enhancing security.
• But over the network, there are chances to have the transfer through an
unsecured network.
• Even their private key can be hacked by the hacker who can be the
intruder in unsafe network as shown in the diagram.
• Diffie-Hellman key exchange algorithm can be used to
generate key which can be exchanged between sender and
receiver.
• This algorithm can only be used to exchange the key
between them but not for any encryption and decryption
process.
• It is based on mathematical principals, especially uses raised
to the power and mod function in the expressions.
Steps :
• Select a large prime number say ‘q’. ( we will assume a smaller one
just to get ease of calculation in example. Lets assume q=7
• Select a number ‘α’ (alpha) such that it is the primitive root of ‘q’ and
α<q
• Primitive root can be defined as if a is a primitive root of q if and only
if a1 mod q till aq-1 mod q returns a sequence of non repeating values.
51 mod 7 =5
52 mod 7 =4 No value is getting repeated
53 mod 7=6 all sequential values are Lets check for 2
54 mod 7=2 produced. If q=7 then choose value of α can be checked with
55 mod 7 =3 so 5 is primitive root of 7. a=1, a=2, a=3 and so on till a=6
56 mod 7=1 Eg a=2 then
21 mod 7 =2
22 mod 7 =4 value 2 is getting repeated
23 mod 7=1 so not required tocheck till 6
24 mod 7=2 And so 2 is not primitive root of 7
• So we have q=7, α=5 wich are known to all.
• Lets have the step for generate key as follows:
• Assume private key for Alice is XA and YA for Bob
• Assume XA=3 such that XA< q, so 3<7
• Calculate public key YA as YA=αXAMOD q and similarly YB.
q=7, α=5 q=7, α=5
Let XA=3 Let XB=4
Then Then
YA=αXAMOD q YB=αXBMOD q
=53MOD 7 =54MOD 7
=125MOD7 =625MOD7
=6 =2
∴ YA= 6 ∴ YB = 2
The algorithm can be
diagrammatically described as
Public keys
YA=6
YB=2
Alice Bob
Key exchange
We can calculate the secret key just to check if
the exchange is successful or not as follows :
Both the sender and receiver will use public and private key to calculate
secret key with the formula K1=(YB )XAMOD q and K2=(YA )XBMOD q