This is one of the most elegant ideas in all of computer science. Two people can agree on a shared secret while communicating over a completely public channel, and an eavesdropper who sees every message they exchange still can't figure out the secret.
Imagine Alice and Bob want to agree on a secret color. They're communicating by shouting across a crowded room. Everyone can hear them.
Here's how they do it:
They both arrived at the same color. But an eavesdropper only heard "yellow," "orange," and "green." To figure out the final color, they'd need to un-mix the colors to find Alice's red or Bob's blue. And un-mixing paint is really hard.
That's Diffie-Hellman. Replace "colors" with "numbers" and "mixing" with "modular exponentiation," and you have the real algorithm.
The actual math uses modular arithmetic. Here's the concept without getting into the equations:
1. Alice and Bob agree on a large prime p and a generator g. These are public. Everyone knows them.
2. Alice picks a secret number a. She computes g^a mod p and sends the result to Bob. Call this A.
3. Bob picks a secret number b. He computes g^b mod p and sends the result to Alice. Call this B.
4. Alice receives B and computes B^a mod p. This gives her the shared secret.
5. Bob receives A and computes A^b mod p. This gives him the same shared secret.

Both arrive at g^(ab) mod p. But an eavesdropper who knows g, p, A, and B would need to figure out a or b to compute the shared secret. This is the discrete logarithm problem, and for large enough numbers, it's computationally infeasible.
sequenceDiagram
participant A as Alice
participant E as Eavesdropper
participant B as Bob
Note over A,B: Public: g and p (everyone knows these)
A->>A: Pick secret a
A->>B: A = g^a mod p
Note over E: Sees A, but can't find a
B->>B: Pick secret b
B->>A: B = g^b mod p
Note over E: Sees B, but can't find b
A->>A: Shared secret = B^a mod p
B->>B: Shared secret = A^b mod p
Note over A,B: Both have the same shared secret
Note over E: Can't compute the shared secret
Here's where it gets really important for TLS.
In the basic version, Alice and Bob could reuse their secret numbers a and b for multiple sessions. But that's dangerous. If an attacker ever discovers a (through a server compromise, a bug, or a future breakthrough), they can go back and decrypt every session that used that a.
Ephemeral Diffie-Hellman (DHE) solves this. "Ephemeral" means temporary. Both sides generate new random numbers for every single session. After the session ends, the ephemeral keys are discarded.
This means even if an attacker compromises the server and steals everything on it, they can't decrypt past sessions. The ephemeral keys are gone. Each session's secret dies with the session.
This property is called forward secrecy (sometimes called perfect forward secrecy). It's one of the most important security properties in TLS, and it's the reason TLS 1.3 mandates ephemeral key exchange.
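The exchange steps and the key-reuse risk described above, as an added Python example (not code from the original page). The 127-bit prime, the base 3 and all function names are assumptions chosen for the demo and are far too small for real use.

```python
import secrets

# Demo-only parameters (assumptions, not from the page): 2**127 - 1 is a known
# prime but far too small for real use; G = 3 is an arbitrary public base.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a fresh random secret x and return (x, g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2            # x in [2, p-2]
    return x, pow(G, x, P)

def shared_secret(own_secret, peer_public):
    """Return peer_public^own_secret mod p, rejecting degenerate values."""
    if not 1 < peer_public < P - 1:             # 0, 1 and p-1 give a guessable result
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_secret, P)

def run_sessions(n, static_bob=None):
    """Run n exchanges. Returns (transcript, secrets): transcript holds the
    (A, B) pairs an eavesdropper records; secrets holds each session's result.
    Alice's key is always fresh; Bob's is fresh unless static_bob is given."""
    transcript, session_secrets = [], []
    for _ in range(n):
        a, A = keypair()
        b, B = static_bob or keypair()
        s = shared_secret(a, B)                 # Alice: B^a mod p
        if s != shared_secret(b, A):            # Bob:   A^b mod p
            raise RuntimeError("key agreement failed")
        transcript.append((A, B))
        session_secrets.append(s)
    return transcript, session_secrets          # ephemeral a, b are now gone

def secrets_exposed_by_leak(transcript, leaked_b):
    """Given recorded traffic and a leaked Bob secret, recompute A^b mod p."""
    return [shared_secret(leaked_b, A) for A, _ in transcript]

if __name__ == "__main__":
    bob = keypair()                             # reused across sessions
    rec, real = run_sessions(3, static_bob=bob)
    print("static b, leak exposes past sessions:",
          secrets_exposed_by_leak(rec, bob[0]) == real)
    rec, real = run_sessions(3)                 # DHE: fresh b per session
    later_b, _ = keypair()                      # whatever Bob holds afterwards
    print("ephemeral b, leak exposes past sessions:",
          secrets_exposed_by_leak(rec, later_b) == real)
```

With a reused b, the recorded A values are enough to recompute every past secret once b leaks; with per-session keys, nothing Bob still holds matches the recorded traffic.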
Classic Diffie-Hellman uses modular exponentiation with large prime numbers. It works, but the numbers need to be very large (2048+ bits) for adequate security, which makes the computation slower.
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) uses elliptic curve math instead. It provides the same security with much smaller numbers. A 256-bit elliptic curve provides roughly the same security as a 3072-bit classic DH group.
Smaller numbers mean faster computation and less data to transmit. This is why ECDHE is the standard key exchange in modern TLS. The most common curves are:
When you see a cipher suite with "ECDHE" in the name, it means the key exchange uses Elliptic Curve Diffie-Hellman with ephemeral keys. This gives you forward secrecy.
Diffie-Hellman is the foundation of key exchange in TLS. Every modern TLS connection uses some form of it. Understanding how it works, and especially why ephemeral keys matter, is essential for understanding the handshake, forward secrecy, and the quantum threat.
Speaking of which: the security of Diffie-Hellman depends on the difficulty of the discrete logarithm problem. Quantum computers can solve this problem efficiently using Shor's algorithm. That's why post-quantum key exchange algorithms are being developed. We'll cover that in Part X.