The surprising idea
Diffie-Hellman lets two parties who have never met derive a shared secret while an eavesdropper watches every message. Each side picks a private number, combines it with public parameters, and exchanges the result. By mixing the other side's public value with their own private number, both arrive at the same secret, which the eavesdropper cannot easily compute.
How the mixing works
- Both sides agree on public parameters such as a base and a large modulus.
- Each side chooses a secret private value and never sends it.
- Each computes a public value from the base raised to its private value, then exchanges it.
- Each raises the received public value to its own private value, landing on the identical shared secret.
The security rests on the discrete logarithm problem: recovering the private value from the public one is computationally hard for large numbers. Plain Diffie-Hellman does not authenticate the parties, so it is paired with signatures or certificates to stop a man-in-the-middle from substituting its own values. Modern systems often use the elliptic-curve variant for the same security with smaller keys.
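The exchange described above, written out for both sides as an added example (not code from the original page). The modulus, base and function names are assumptions chosen for illustration, and the example goes slightly beyond the text by range-checking the received public value and hashing the result into a key.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example only.
# A 127-bit modulus is far too small for real use.
P = 2**127 - 1  # modulus (a Mersenne prime)
G = 3           # base

def keypair(priv=None):
    """Return (private, public). The private value never leaves this side."""
    if priv is None:
        priv = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return priv, pow(G, priv, P)

def check_public(pub):
    """Reject received values that would make the shared secret predictable."""
    if not isinstance(pub, int) or not 2 <= pub <= P - 2:
        raise ValueError("peer public value out of range")
    return pub

def shared_key(priv, peer_pub):
    """Mix the peer's public value with our private value, then hash."""
    secret = pow(check_public(peer_pub), priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    """Run both sides; return each side's key and what crossed the wire."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}  # all an eavesdropper sees
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub), wire

if __name__ == "__main__":
    k_a, k_b, wire = exchange()
    print("keys match:", k_a == k_b)
    print("on the wire:", sorted(wire))
```

The range check only filters degenerate values; it says nothing about who sent the public value, which is why the signatures or certificates mentioned above are still required.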
Key idea
Diffie-Hellman lets two parties compute a shared secret over an open channel because reversing the public values requires solving the hard discrete logarithm problem, but it needs separate authentication to resist man-in-the-middle attacks.