eli5: deffie-hellman key exchange


I get the basic idea that raising (c^a mod(p))^b = (c^b mod(p))^a but how does one get a message out of this? Lets say Alice wants to send Bob a message, “Hello”. How does this message get attached on the encryption and decrypted? Its cool that we can get c^ab mod(p) everytime but how does this help in understanding the message?

In: 1

You don’t, not directly. Diffie-Hellman is a *key exchange* method, not an encryption method. This means it only handles the details of sharing a key. The actual encryption is done by a different algorithm (any encryption algorithm will do)

To send an encrypted message, you first perform a Diffie-Hellman key exchange with your partner to create a shared secret number (c^ab mod(p)). Once you both know that number, you can plug it into a standard encryption algorithm, [such as AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard), as the secret key.

The reason that Diffie-Hellman exists is that most encryption algorithms require both you and your partner to know the same secret key in order to communicate. This is not a problem if you can meet your partner in person to exchange keys, but if you can only talk to them online you need a way to create a shared secret key even though people can eavesdrop on all your messages. Diffie-Hellman is the process that allows you to do so.

To add to Pausbrak’s reply below

DH is not sending a message. DH is about creating a set of keys so that you CAN send a message.

If Alice and Bob want to trade messages they can each read, they need to have TWO copies of the same key. One for Alice and one for Bob.

HOW can Alice and Bob both get copies of the key?

They can’t just send it to each other. If they can’t trust their message system enough to send unencrypted messages, then they can’t trust their system to send encryption keys. The same bad guy (Eve) that would steal the messages, would steal a copy of the key.


DH is a way of solving this.

DH is a way for Bob and Alice to each get INSTRUCTIONS on how to build they key, without actually sending the key across the unsafe message system.


So basically, assume they working KEY is made of 3 parts.

part A.

Part B

Part C.

Alice has part A and only part A. That’s her secret.

Bob has part B and only part B. That’s his secret.

Everyone has part C. Part C is generated from some master key making tool. Anyone can see C. That’s fine. We don’t care.

Alice combines A with C to get AC. She sends AC to –> Bob.

Bob combines B with C to get BC. He sends BC to –> Alice.

This is the magic part.

Because of the special math, you can combine the numbers but you can’t reverse them back to figure out what the numbers were.

Example: You can Know BC. and you can know C. You still can’t reverse BC to figure out what just B was.

What that means for Diffie Hellman is

Alice builds AC and sends it to Bob. Bob Already had B. He now has the parts for A B and C.

Bob builds BC and sends it to Alice. She already had A. She now has the parts for A B C.

Eve, the eavesdropper is watching their messages. Eve steals C. Eve steals AC. Eve steals BC. Eve still never sees just A or Just B. Eve never gets the information she needs to build ABC.

So bob and alice get enough info to build working, identical ABC keys to talk to each other. Without letting anyone else see enough info to get a key to steal.