Exploring Diffie-Hellman Encryption Overview

This page will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman.

Introduction

The privacy requirements normally encountered in the traditional paper document world are increasingly expected in Internet transactions today. Secure digital communications are necessary for web-based e-commerce, mandated privacy for medical information, etc. In general, secure connections between parties communicating over the Internet is now a requirement.

Whitfield Diffie and Martin Hellman discovered what is now known as the Diffie-Hellman (DH) algorithm in 1976. It is an amazing and ubiquitous algorithm found in many secure connectivity protocols on the Internet. In an era when the lifetime of “old” technology can sometimes be measured in months, this algorithm is now celebrating its 25th anniversary while it is still playing an active role in important Internet protocols.

DH is a method for securely exchanging a shared secret between two parties, in real-time, over an untrusted network. A shared secret is important between two parties who may not have ever communicated previously, so that they can encrypt their communications. As such, it is used by several protocols, including Secure Sockets Layer (SSL), Secure Shell (SSH), and Internet Protocol Security (IPSec). These protocols will be discussed in terms of the technical use of he DH algorithm and the status of the protocol standards established or still being defined.

Overview of the Diffie-Hellman Algorithm

The mathematics behind this algorithm are conceptually simple enough that a high school student should be able to understand it. The fundamental math includes the algebra of exponents and modulus arithmetic.

For this discussion we will use Alice and Bob, two of the most widely traveled Internet users in cyberspace, to demonstrate the DH key exchange. The goal of this process is for Alice and Bob to be able to agree upon a shared secret that an eavesdropper will not be able to determine. This shared secret is used by Alice and Bob to independently generate keys for symmetric encryption algorithms that will be used to encrypt the data stream between them. The “key” aspect is that neither the shared secret nor the encryption key do not ever travel over the network.

Diffie-Hellman in SSL

Secure Sockets Layer (SSL) is a cryptographic protocol developed by Netscape in 1995. SSL V3.0 has since become the predominant method and de-facto standard for securing information flow between web users and web servers. This is most commonly done for business/financial traffic, e.g. credit card transactions. Specifically, “securing information” in this context, means to ensure confidentiality (prevent eavesdropping), authenticity (the sender is really who he says he is), and integrity (the message has not been changed en route).