Diffie-Hellman Key Exchange
Two strangers create a shared secret over an open wire — the discovery that broke the millennia-old 'you must meet first' assumption.
Why This Matters
For three thousand years cryptography assumed the two parties had already met to exchange a secret key. Diffie and Hellman proved that assumption wrong: two people who have never communicated can derive a shared secret while every byte they exchange is read by an eavesdropper. Without this single 1976 paper there would be no HTTPS, no Signal, no encrypted email, no online banking — the entire idea of secure communication between strangers depends on it.
Diffie and Hellman published 'New Directions in Cryptography' in IEEE Transactions on Information Theory, November 1976. The paper proposed both public-key encryption (as a goal) and the key-exchange protocol (as a working example). Three British researchers at GCHQ — James Ellis, Clifford Cocks, and Malcolm Williamson — had discovered the same ideas between 1969 and 1974, but classification kept their work secret until 1997. The 1976 paper directly inspired Rivest, Shamir, and Adleman to find RSA the following year.
Both parties agree on a large prime p and a generator g. Alice picks a secret integer a and sends A = g^a mod p. Bob picks a secret integer b and sends B = g^b mod p. Each computes the shared key K = g^(ab) mod p — Alice raises Bob's value to her secret (B^a mod p), Bob raises Alice's value to his (A^b mod p). An eavesdropper sees p, g, g^a and g^b but cannot recover a, b, or K without solving the discrete logarithm problem, which has no known efficient classical algorithm.
Security rests on the discrete logarithm problem in a finite cyclic group. With a 2048-bit prime, no classical attack is known to be feasible. The 2015 Logjam attack exploited servers that still accepted common 512-bit primes, for which the discrete logarithm can be precomputed once and reused against every connection; the lesson was to use larger groups and to switch to elliptic curves, where 256-bit keys suffice (X25519). DH is vulnerable to active man-in-the-middle attacks because the exchanged values are unauthenticated — in practice DH is always combined with authentication (signatures, certificates, or a pre-shared password).
| Where | How Diffie-Hellman is Used |
|---|---|
| TLS 1.3 (HTTPS) | Every modern HTTPS handshake uses ECDHE (ephemeral elliptic-curve DH) for forward secrecy |
| Signal / WhatsApp / iMessage | X3DH and the Double Ratchet are layered Diffie-Hellman exchanges |
| SSH | Default key-exchange method since SSH-2 |
| WireGuard / Tor | Both built on Curve25519 ECDH |
| IPsec / IKEv2 | DH groups 14–21 in every VPN handshake |

| Attribute | Detail |
|---|---|
| Era | Modern · 1976 |
| Status | In active use everywhere; modern variant ECDH (X25519) preferred over classical DH |
| Origin | Whitfield Diffie & Martin Hellman, 'New Directions in Cryptography' (1976); Ralph Merkle independently |
| Year | 1976 |
| Type | Public-key key-agreement protocol — not a cipher (does not encrypt data) |
| Modern Role | Establishes the symmetric key for nearly every TLS 1.3, SSH, Signal, and WireGuard session in existence |