Definition

# Diffie-Hellman key exchange (exponential key exchange)

Contributor(s): Dr. Ron Peterson

Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.

To implement Diffie-Hellman, the two end users Alice and Bob, while communicating over a channel they know to be private, mutually agree on positive whole numbers p and q, such that p is a prime number and q is a generator of p. The generator q is a number that, when raised to positive whole-number powers less than p, never produces the same result for any two such whole numbers. The value of p may be large but the value of q is usually small.

Once Alice and Bob have agreed on p and q in private, they choose positive whole-number personal keys a and b, both less than the prime-number modulus p. Neither user divulges their personal key to anyone; ideally they memorize these numbers and do not write them down or store them anywhere. Next, Alice and Bob compute public keys a* and b* based on their personal keys according to the formulas

a* = qa mod p

and

b* = qb mod p

The two users can share their public keys a* and b* over a communications medium assumed to be insecure, such as the Internet or a corporate wide area network (WAN). From these public keys, a number x can be generated by either user on the basis of their own personal keys. Alice computes x using the formula

x = (b*)a mod p

Bob computes x using the formula

x = (a*)b mod p

The value of x turns out to be the same according to either of the above two formulas. However, the personal keys a and b, which are critical in the calculation of x, have not been transmitted over a public medium. Because it is a large and apparently random number, a potential hacker has almost no chance of correctly guessing x, even with the help of a powerful computer to conduct millions of trials. The two users can therefore, in theory, communicate privately over a public medium with an encryption method of their choice using the decryption key x.

The most serious limitation of Diffie-Hellman in its basic or "pure" form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium. Diffie-Hellman is well suited for use in data communication but is less often used for data stored or archived over long periods of time.

This was last updated in August 2007

## Content

Find more PRO+ content and other member only offers, here.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How the Flip Feng Shui technique undermines cloud security

The Flip Feng Shui attack against hypervisors could have both short and long-term effects on enterprises. Expert Ed Moyle ...

• ### How cloud endpoint protection products benefit enterprises

Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of ...

• ### How Microsoft's Secure Data Exchange bolsters cloud data security

Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland ...

## SearchNetworking

• ### Cisco certification changes focus on data center and analytics

Cisco certification changes, effective in January, mean trainees will need to focus more on data center and analytics topics.

• ### Moving data center strategies: What to consider in an SDDC transition

Accommodating your legacy equipment when shifting to an SDDC takes a lot of time and careful study. What are some strategies to ...

• ### Dell's new multigig campus switches built for wired, wireless LAN

Dell is pitching the open networking features of its new campus switches. The hardware's ability to run any of several network ...

## SearchCIO

• ### Securing a board appointment: CIO requirements and benefits

A corporate board appointment can give a CIO invaluable perspective on running a business, but to get one, deep expertise and a ...

• ### PrivacyCon: Tech's assault on (obliteration of?) consumer privacy

The attack on consumer privacy by new tech is huge and growing, enabled by consumers and greased by profit; in other words, a ...

• ### Five analytics priorities for 2017

The International Institute for Analytics recommends embracing AI, clearly defining roles, and finding a balance between ...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

• ### Give Windows 10 disk space a clean sweep

There are multiple ways to keep Windows 10 running smoothly, such as clearing the clutter of old files and applications. A more ...

• ### Windows 10 how-to guide

It's important to know how to work with Windows 10, including what to do about taskbar clutter and how to change the default save...

• ### MacBook Pro issues have bad timing, as Surface surges

Shortfalls of the new MacBook Pro are evident, as Apple pays more attention to other areas of its business. The lack of ...

## SearchCloudComputing

• ### Breaking down the costs of cloud storage

Storage is a primary reason enterprises move workloads to the cloud. But before shipping off your data, learn how region, ...

• ### Evaluate hybrid cloud management tools for your enterprise needs

Selecting hybrid cloud management tools is a complex task. Buyers must consider a long list of criteria such as costs, APIs, ...

• ### Google key management keeps pace with AWS, Azure

A new Google Cloud Key Management Service attempts to keep pace with AWS and Azure with an important feature for highly regulated...

## ComputerWeekly

• ### Blockchain can cut investment bank infrastructure costs by 30%

Investment banks can make huge cuts to their IT infrastructure costs through blockchain, according to analysis

• ### Post-Brexit UK success depends on digital, says tech industry

TechUK responds cautiously to prime minister Theresa May’s 12-point plan, calling for a “smooth and orderly” Brexit

• ### Oracle commits to expanding UK datacentre footprint in 2017

Database software giant’s renewed commitment to the UK market is part of a wider push to ramp up its cloud presence worldwide

Close