The Diffie–Hellman Key Exchange

One of the most fundamental ideas in computer security is called the Diffie-Hellman key exchange algorithm. Suppose you have some sort of cryptography system where two people need the same key to encrypt and decrypt messages. One example of this type of symmetric key encryption is the AES (Advanced Encryption Standard) algorithm.

The problem is how do the two people exchange the secret key? If you send the key over any kind of network or the Internet, it could easily be intercepted. Years ago, the only way to exchange a secret key was to use a physical courier.

The Diffie-Hellman algorithm is a very clever way for two people to get the same secret key, even over an insecure communication channel. I was checking out the Wikipedia article on Diffie-Hellman, and the article is quite good. But one thing about the article bothered me.

The article illustrates Diffie-Hellman using an analogy of mixing colored paints. Before I go any further, let me remind you that there are three basic colors: red, yellow, blue. If you mix red and yellow you get orange. If you mix yellow and blue you get green. There are several ways to get brown, including green plus red, and orange plus blue.

Anyway, the Wikipedia article botched the color part. So I decided to harness my PowerPoint skills and redo the Wikipedia illustration to get the colors right.


This is essentially the same illustration as the one in the Wikipedia article on Diffie-Hellman but I redid the colors so they correspond to how real colors mix (sort of).


First, Alice sends Bob a common color (yellow). It doesn’t matter if the color is intercepted. Next, Alice mixes a personal secret color (red) into the common yellow, giving an orange mixture. Bob mixes his personal secret color (blue) into the common yellow, giving a green mixture.

Next, Alice and Bob exchange their mixtures. It doesn’t matter if the mixtures are intercepted, as long as it’s difficult or impossible to separate mixtures.

Now Alice adds her secret red to the green mixture from Bob, which gives a new brown mixture. Bob adds his secret blue to the orange mixture from Alice, which gives the same new brown mixture that Alice has. Alice and Bob now both have the same secret color, and it didn’t matter if any of the intermediate information was intercepted. Clever!

In real Diffie-Hellman, instead of colored paint, the two parties send numbers that are combined mathematically. The math is designed so that values are easy to compute, but difficult to “un-compute”. For example, given a, b, and p it is easy to compute x = (a^b mod p), but given x, a, and p, it is not easy to compute b. This is called the discrete logarithm problem.
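The paint exchange above carried out with numbers, as an added example that is not part of the original post: p and g play the common yellow, and the private exponents a and b play the secret red and blue. The values p = 23, g = 5 and the modulus 2^127 - 1 are assumptions chosen for illustration, not a vetted group; the brute-force search shows why a tiny p gives no protection.

```python
import secrets

# Constructed demonstration modulus (a Mersenne prime), not a vetted DH group.
P_BIG = 2**127 - 1

def dh_public(g, secret, p):
    """'Mix' a private exponent into the common base: g^secret mod p."""
    return pow(g, secret, p)

def dh_shared(their_public, my_secret, p):
    """Add my secret to the other side's mixture: their_public^my_secret mod p."""
    return pow(their_public, my_secret, p)

def exchange(p, g, a=None, b=None):
    """Run both sides of the exchange; return (A, B, alice_key, bob_key)."""
    # Private exponents are drawn from [2, p-2] unless fixed by the caller.
    a = a if a is not None else 2 + secrets.randbelow(p - 3)
    b = b if b is not None else 2 + secrets.randbelow(p - 3)
    A = dh_public(g, a, p)   # Alice -> Bob (orange); may be intercepted
    B = dh_public(g, b, p)   # Bob -> Alice (green); may be intercepted
    # Each side combines the other's public value with its own secret (brown).
    return A, B, dh_shared(B, a, p), dh_shared(A, b, p)

def brute_force_dlog(g, x, p):
    """Recover b from x = g^b mod p by trying every exponent: O(p) work."""
    value = 1
    for b in range(p - 1):
        if value == x:
            return b
        value = (value * g) % p
    return None

if __name__ == "__main__":
    # Toy parameters: small enough to follow by hand.
    A, B, alice_key, bob_key = exchange(23, 5, a=4, b=3)
    print("public values:", A, B, "shared keys:", alice_key, bob_key)

    # With p = 23 an eavesdropper "un-computes" Alice's secret from A at once.
    print("recovered exponent:", brute_force_dlog(5, A, 23))

    # Same protocol with random secrets over a 127-bit modulus: both sides
    # still agree, while the exhaustive search above would need ~2^127 steps.
    _, _, k1, k2 = exchange(P_BIG, 3)
    print("127-bit keys match:", k1 == k2)
```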


A wonderful tiki-themed illustration by artist Brad Parker. I like the bright colors.
