Diffie–Hellman Key Exchange (DHKE) is a cryptographic method to securely exchange cryptographic keys (key agreement protocol) over a public (insecure) channel in a way that overheard communication does not reveal the keys. The exchanged keys are used later for encrypted communication (e.g. using a symmetric cipher like AES).
DHKE was one of the first public-key protocols, which allows two parties to exchange data securely, so that is someone sniffs the communication between the parties, the information exchanged can be revealed.
The Diffie–Hellman (DH) method is anonymous key agreement scheme: it allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.
Note that the DHKE method is resistant tosniffing attacks (data interception), but it is vulnerable to man-in-the-middle attacks (attacker secretly relays and possibly alters the communication between two parties).
The Diffie–Hellman Key Exchange protocol can be implemented using discrete logarithms (the classical DHKE algorithm) or using elliptic-curve cryptography (the ECDH algorithm).
Key Exchange by Mixing Colors
The Diffie–Hellman Key Exchange protocol is very similar to the concept of "key exchanging by mixing colors", which has a good visual representation, which simplifies its understanding. This is why we shall first explain how to exchange a secret color by color mixing.
The design of color mixing key exchange scheme assumes that if we have two liquids of different colors, we can easily mix the colors and obtain a new color, but the reverse operation is almost impossible: no way to separate the mixed colors back to their original color components.
This is the color exchange scenario, step by step:
Alice and Bob, agree on an arbitrary starting (shared) color that does not need to be kept secret (e.g. yellow).
Alice and Bob separately select a secret color that they keep to themselves (e.g. red and sea green).
Finally Alice and Bobmix their secret color together with their mutually shared color. The obtained mixed colors area ready for public exchange (in our case orange and light sky blue).
The next steps in the color exchanging scenario are as follows:
Alice and Bob publicly exchange their two mixed colors.
We assume that there is no efficient way to extract (separate) the secret color from the mixed color, so third parties who know the mixed colors cannot reveal the secret colors.
Finally, Alice and Bob mix together the color they received from the partner with their own secret color.
The result is the final color mixture (yellow-brown) which is identical to the partner's color mixture.
It is the securely exchanged shared key.
If a third parties have intercepted the color exchanging process, it would be computationally difficult for them to determine the secret colors.
DHKE exchanges a non-secret sequence of integer numbers over insecure, public (sniffable) channel (such as signal going through a cable or propagated by waves in the air), but does not reveal the secretly-exchanged shared private key.
Again, be warned that DHKE protocol in its classical form is vulnerable toman-in-the-middle attacks, where a hacker can intercept and modify the messages exchanged between the parties.
Finally, note that the integers g, p, a and p are typically very big numbers (1024, 2048 or 4096 bits or even bigger) and this makes the brute-force attacks non-sense.
The Elliptic-Curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel.
ECDH is a variant of the classical DHKE protocol, where the modular exponentiation calculations are replaced with elliptic-curve calculations for improved security. We shall explain in details the elliptic-curve cryptography (ECC) section later.