Diffie Hellman Algorithm (DH)
Diffie Hellman (DH) key exchange algorithm is a method for securely exchanging cryptographic keys over a public communications channel. Keys are not actually exchanged – they are jointly derived. It is named after their inventors Whitfield Diffie and Martin Hellman.
If Alice and Bob wish to communicate with each other, they first agree between them a large prime number p, and a generator (or base) g (where 0 < g < p).
Alice chooses a secret integer a (her private key) and then calculates g^a mod p (which is her public key). Bob chooses his private key b, and calculates his public key in the same way.
Alice and Bob then send each other their public keys. Alice now knows a and Bob’s public key g^b mod p. She is not able to calculate the value b from Bob’s public key as this is a hard mathematical problem (known as the discrete logarithm problem). She can however calculate (g^b)^a mod p = g^ab mod p.
Bob knows b and g^a, so he can calculate (g^a)^b mod p = g^ab mod p. Therefore both Alice and Bob know a shared secret g^ab mod p. An eavesdropper Eve who was listening in on the communication knows p, g, Alice’s public key (g^a mod p) and Bob’s public key (g^b mod p). She is unable to calculate the shared secret from these values.
In static-static mode, both Alice and Bob retain their private/public keys over multiple communications. Therefore the resulting shared secret will be the same every time. In ephemeral-static mode one party will generate a new private/public key every time, thus a new shared secret will be generated.
Both RSA and Diffie Hellman (DH) are public-key encryption protocols used for secure key exchange. They are independent protocols that do not rely on one another.
Ephemeral Diffie-Hellman uses temporary, public keys. Each instance or run of the protocol uses a different public key. The authenticity of the server’s temporary key can be verified by checking the signature on the key. Because the public keys are temporary, a compromise of the server’s long term signing key does not jeopardize the privacy of past sessions. This is known as Perfect Forward Secrecy (PFS).
Diffie Hellman uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm – it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.
Authenticated Key Agreement protocols exchange a session key in a key exchange protocol which also authenticate the identities of parties involved in the key exchange. Anonymous (or non-authenticated) key exchange, like Diffie–Hellman, does not provide authentication of the parties, and is thus vulnerable to man-in-the-middle attacks.
DH is still in use today, but certain precautions have to be taken with respect to its building blocks. Authentication also needs to be implemented on top of DH to prevent man-in-the-middle threats.
DH is considered secure against eavesdroppers if the finite cyclic group G and generator g are chosen properly. In particular, the order of the group G must be large, particularly if the same group is used for large amounts of traffic. With a large enough group G, solving the Diffie–Hellman problem to obtain g^ab considered difficult.
Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack. An active attacker executing the man-in-the-middle attack may establish two distinct key exchanges, one with Alice and the other with Bob, effectively masquerading as Alice to Bob, and vice versa, allowing her to decrypt, then re-encrypt, the messages passed between them.
A secrecy chart is used to analyze who knows what at each step of a key-exchange algorithm.