Security Encyclopedia

Diffie–Hellman (DH) Algorithm

The Diffie–Hellman (DH) algorithm is a key-exchange protocol that lets two parties communicating over a public channel establish a shared secret without that secret ever being transmitted over the Internet. Each party publishes a public value, and the shared secret the two derive from these values is then used as the key for symmetric cryptography to encrypt and decrypt their conversation or data.

DH is generally explained with two sample parties, Alice and Bob, initiating a dialogue. Each holds a private piece of information (a secret) that must never leave their side. To proceed, they agree on a public, benign piece of information (the public parameters) that each will mix with their private secret before anything travels over the insecure channel. Each party sends the other only the mixed result, so the values that cross the channel are public values, not the secrets themselves. On receiving the other’s mixed value, each party combines it with their own private secret and arrives at the same common secret, which then serves as their shared key. The mixing is easy to perform but hard to undo: an eavesdropper sees only the public parameters and the two mixed values, and when long number strings are used for the private and public values, recovering the common secret from them is mathematically infeasible even with considerable resources.
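As an added worked example (not part of the encyclopedia entry), the exchange described above in Python with the textbook toy parameters p = 23 and g = 5 (constructed values, far too small for real use). The last function shows why size matters: at this size an observer who captured only the public values can brute-force a private exponent, which is the attack that large, standardized groups make infeasible.

```python
import hashlib
import secrets


class DHParty:
    """One side of a Diffie–Hellman exchange over the group (p, g)."""

    def __init__(self, p, g, private=None):
        self.p, self.g = p, g
        # The private exponent never leaves this object; a fixed value may be
        # passed for a reproducible demo, otherwise it is drawn at random.
        self.private = private if private is not None else secrets.randbelow(p - 2) + 1
        # The public value is the only thing this party sends over the channel.
        self.public = pow(g, self.private, p)

    def shared_secret(self, other_public):
        # Reject 0, 1, p-1 and out-of-range values: they would force the result
        # into a trivial subgroup regardless of the private exponent.
        if not 1 < other_public < self.p - 1:
            raise ValueError("peer public value out of range")
        return pow(other_public, self.private, self.p)


def derive_key(shared, p):
    """Hash the raw shared secret into a fixed-length symmetric key."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()


def run_exchange(p, g, a, b):
    """Run both sides; returns (Alice's public, Bob's public, common secret)."""
    alice, bob = DHParty(p, g, a), DHParty(p, g, b)
    # Only p, g, alice.public and bob.public cross the insecure channel.
    s_alice = alice.shared_secret(bob.public)
    s_bob = bob.shared_secret(alice.public)
    assert s_alice == s_bob  # both sides arrive at the same common secret
    return alice.public, bob.public, s_alice


def brute_force_private(p, g, public):
    """Recover x with g^x = public (mod p) by exhaustive search.

    This is only feasible because p is tiny; for the group sizes used in
    practice the search space is astronomically large, which is the security
    assumption DH rests on.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    A, B, s = run_exchange(23, 5, 6, 15)
    print(f"public values on the wire: A={A}, B={B}; common secret: {s}")
    print("symmetric key:", derive_key(s, 23).hex())
    print("eavesdropper brute-forces Alice's exponent:", brute_force_private(23, 5, A))
```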

DH is one of the first practical implementations of public-key cryptography (PKC). It was published in 1976 by Whitfield Diffie and Martin Hellman. Other contributors who are credited with developing DH include Ralph Merkle and researchers within the United Kingdom’s intelligence services (c. 1969).

Example:

“The two are communicating over an open network using Diffie–Hellman encryption, so hackers or others seeking to eavesdrop or intercept a message are unlikely to break the encryption, even with considerable resources.”