Diffie Hellman Algorithm Definition

KZero Staff
Aug 08, 2023

What is the Diffie-Hellman Algorithm?

Diffie-Hellman is a cryptographic algorithm designed to establish a shared secret key over a public channel. This is essential for applications that use symmetric encryption to secure messages, such as the Transport Layer Security (TLS) protocol or a virtual private network (VPN).

The History of Diffie-Hellman

The Diffie-Hellman algorithm is one of the earliest implementations of asymmetric encryption. It gets its name from the two researchers who first published in 1976: Whitfield Diffie and Martin Hellman. Although Diffie and Hellman are considered the main minds behind this technology, other contributors are also credited with developing it. Ralph Merkle is one of the most well-known contributors, and researchers from the United Kingdom’s intelligence services are also credited with its development. Merkle’s work preceded that of Diffie and Hellman but was classified until after their discovery.

How Does Diffie-Hellman Work?

Diffie-Hellman is an example of an asymmetric cryptographic algorithm. Each user — commonly called Alice and Bob — has a private key and an associated public key. Diffie-Hellman takes advantage of the properties of exponents and includes the following steps:

  1. Alice and Bob publicly agree on a prime modulus, p, and a base, g.
  2. Alice randomly selects a private key, a, to be less than p-2 and generates her public key as A=g^a. Similarly, Bob’s private and public keys are b and B=g^b, respectively.
  3. Alice and Bob publicly exchange their public keys, A and B.
  4. Alice and Bob generate the shared key by combining the other’s public key with their private key. For example, Alice computes S = B^a (mod p) and Bob computes S=A^b (mod p).

Alice and Bob should get the same value for S due to the properties of exponentiation. For example, S = B^a = (g^b)^a = g^(a*b) = (g^a)^b = (A^b).

Pros and Cons of Diffie-Hellman

Diffie-Hellman enables two parties to generate a shared secret key over a public channel, which is useful in various contexts. Additionally, it can be designed to offer perfect forward secrecy, where each message has a unique encryption key. This means that, if a user’s private key is compromised, an attacker still can’t read past messages. The main disadvantage of Diffie-Hellman is that it is vulnerable to man-in-the-middle (MitM) attacks. For example, assume that an attacker, Charlie, intercepts Bob’s public key en route to Alice and substitutes his own public key, C. If so, Alice will calculate the secret key as S’ = C^a, which is something that Charlie can calculate as well. If Charlie does the same to Bob, he will have the secret keys used by both parties to encrypt their messages. This would allow Charlie to intercept a message from Alice, decrypt it, and re-encrypt it with Bob’s key after reading (and potentially modifying it). He could also do the same thing in the opposite direction for messages from Bob to Alice.


Diffie-Hellman is an early example of an asymmetric cryptographic algorithm applied to key exchanges. With it, two parties can establish a shared secret key over an untrusted, public channel.

KZero Staff

Explore more insightful content from the knowledgeable KZero staff on our blog and guides section.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Interested In
Next-Gen MFA?

Discover Multi-Pass enterprise passwordless authentication

Share the page: