Diffie-Hellman was the first public-key algorithm ever invented, way back in 1976 . It gets its security from the difficulty of calculating discrete logarithms in a finite field, as compared with the ease of calculating exponentiation in the same field. Diffie-Hellman can be used for key distribution—Alice and Bob can use this algorithm to generate a secret key—but it cannot be used to encrypt and decrypt messages.
The math is simple. First, Alice and Bob agree on a large prime, n and g, such that g is primitive mod n. These two integers don't have to be secret; Alice and Bob can agree to them over some insecure channel. They can even be common among a group of users. It doesn't matter.
Then, the protocol goes as follows:
- (1) Alice chooses a random large integer x and sends Bob
- (2) Bob chooses a random large integer y and sends Alice
- (3) Alice computes
- (4) Bob computes
Both k and k are equal to gxy mod n. No one listening on the channel can compute that value; they only know n, g, X, and Y. Unless they can compute the discrete ...