Understand Diffie-Hellman Key Exchange
kairenner-gh/slates
Last update 2 w. ago. Created on the 23rd of March 2026.

One of the Most Elegant Ideas in Computer Science

Before Diffie-Hellman, secure communication over a public channel required a prior secure channel to exchange the key — an obvious chicken-and-egg problem. In 1976, Whitfield Diffie and Martin Hellman published a protocol that allows two parties who have never communicated before to establish a shared secret in full view of an eavesdropper, using only public messages. The eavesdropper sees every message and still cannot compute the secret. The trick is a mathematical operation that is easy to perform but computationally infeasible to reverse.

The Paint Mixing Analogy

Imagine two people want to agree on a secret color without revealing it to anyone watching. They start by publicly agreeing on a common color — say, yellow. Alice picks a secret color and mixes it with yellow to get her public mixture. Bob picks a differe

The Actual Math with Small Numbers

The protocol uses modular exponentiation. Alice and Bob publicly agree on a prime p (say 23) and a generator g (say 5). Alice picks a secret integer a (say 6) and computes A = g^a mod p = 5^6 mod 23 = 8. Bob picks secret b (say 15) and computes B = g^b mo

The Discrete Logarithm Problem

Given g, p, and A = g^a mod p, finding a is the discrete logarithm problem. For small numbers it is trivial — just try all possibilities. For a 2048-bit prime p with roughly 2^2048 possible values, no known classical algorithm can solve it in feasible tim
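The exchange from "The Actual Math with Small Numbers" and the exhaustive search from "The Discrete Logarithm Problem", as an added Python example that is not part of the original page. It uses the page's values (p = 23, g = 5, a = 6, b = 15); the function names and the range check on the peer's public value are additions made for illustration.

```python
# Added example: textbook Diffie-Hellman with the page's toy parameters.
# Function names and the [2, p-2] range check are assumptions of this example.

P, G = 23, 5  # public prime and generator from the text (far too small for real use)


def public_value(priv, p=P, g=G):
    """A = g^a mod p: the value sent over the public channel."""
    return pow(g, priv, p)


def shared_secret(peer_pub, priv, p=P):
    """s = B^a mod p, computed locally and never transmitted.

    Rejects 0, 1 and p-1 (and anything >= p): those values force the
    result into a tiny known set regardless of the private exponent.
    """
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_pub, priv, p)


def run_exchange(a, b):
    """Both sides of the protocol; A and B are what an eavesdropper sees."""
    A, B = public_value(a), public_value(b)
    return {"A": A, "B": B, "alice": shared_secret(B, a), "bob": shared_secret(A, b)}


def brute_force_dlog(target, p=P, g=G):
    """Try every exponent x until g^x mod p == target.

    The loop runs up to p-1 times, so the cost scales with p itself.
    That is trivial for p = 23 and hopeless for a 2048-bit prime.
    """
    acc = 1
    for x in range(1, p):
        acc = (acc * g) % p
        if acc == target:
            return x
    raise ValueError("target is not a power of g modulo p")


def eavesdrop(A, B, p=P):
    """Recover the shared secret from public values alone (toy sizes only)."""
    return pow(B, brute_force_dlog(A, p), p)


if __name__ == "__main__":
    transcript = run_exchange(a=6, b=15)  # private exponents from the text
    print("exchange:", transcript)
    print("recovered by observer:", eavesdrop(transcript["A"], transcript["B"]))
```
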

Elliptic-Curve Diffie-Hellman (ECDH)

ECDH uses the same protocol structure but replaces modular exponentiation with elliptic curve point multiplication. The discrete logarithm problem on an elliptic curve — given points P and Q = k*P, find k — is believed to be harder than the integer versio

Classical DH key size for 128-bit security

ECDH key size for 128-bit security (Curve25519)

Forward Secrecy with Ephemeral Keys

If a server uses the same long-term private key for all key exchanges, an attacker who later obtains that private key can decrypt all previously recorded sessions. Forward secrecy prevents this by generating a fresh ephemeral DH key pair for every connection. The ephemeral private key is discarded after the session ends. Even if the server's long-term certificate key is compromised years later, past sessions remain encrypted because the ephemeral keys no longer exist. TLS 1.3 mandates ephemeral ECDH for all handshakes.

Go Deeper: RSA

Diffie-Hellman solves key agreement but not identity — you know you share a secret with someone, but not who that someone is. RSA solves the identity problem with a different piece of mathematics, and understanding RSA from first principles — including why naive RSA is broken and what padding schemes actually do — clarifies how public-key authentication works throughout the internet.