- Agree two shared, related values
  - MOD = "p"
  - BASE = "g"
  - "p" must be a prime number and "g" a primitive root modulo "p"
- Choose random secret numbers
  - client = "a"
  - server = "b"
  - secret numbers do NOT need to be prime
- Generate shareable values (A and B) from secrets
  - A = g^a MOD p
  - B = g^b MOD p
  - client sends A to server and server sends B to client
  - at this point p, g, A and B are known globally - only a and b are kept secret
- Calculate shared key
  - client: B^a MOD p
  - server: A^b MOD p
  - Both these calculations will produce the same number - the shared key
  - shared key is now used by AES for bulk symmetric encryption
- SIMPLE EXAMPLE
  - Variables
    - "p" = 23
    - "g" = 5
    - "a" = 4
    - "b" = 3
  - Formulas
    - Create shareable values
      - A = g^a MOD p --> 5^4 MOD 23 = 4
      - B = g^b MOD p --> 5^3 MOD 23 = 10
    - Create shared secret
      - B^a MOD p --> 10^4 MOD 23 = 18
      - A^b MOD p --> 4^3 MOD 23 = 18
      - Both values are 18, which is the shared secret
- EPHEMERAL DIFFIE HELLMAN
  - Secret keys ("a" and "b") are changed with each session
  - This provides PERFECT FORWARD SECRECY
    - past communication is still secure after a breach, as the same key is not reused
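
The exchange above as runnable Python, added here as an example and not part of the original notes: it reproduces the p = 23, g = 5 figures and then runs ephemeral sessions with fresh secrets. The function names, the range check on the peer's value and the SHA-256 step before AES are assumptions of this example, and the brute-force primitive-root test only works at toy sizes.

```python
import hashlib
import secrets

def is_primitive_root(g, p):
    """Brute-force check (toy sizes only): g's powers hit every value 1..p-1."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1

def public_value(g, secret, p):
    """A = g^a MOD p (or B = g^b MOD p)."""
    return pow(g, secret, p)

def shared_key(peer_public, secret, p):
    """B^a MOD p (client) or A^b MOD p (server)."""
    # Defensive check: 0, 1 and p-1 would force a predictable shared key.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, p)

def ephemeral_keypair(g, p):
    """Fresh secret for one session, drawn from the OS CSPRNG."""
    while True:
        secret = secrets.randbelow(p - 3) + 2      # 2 .. p-2
        public = public_value(g, secret, p)
        if 2 <= public <= p - 2:                   # re-draw degenerate values
            return secret, public

def run_session(g, p):
    """One ephemeral exchange; returns (client_key, server_key)."""
    a, A = ephemeral_keypair(g, p)   # client side
    b, B = ephemeral_keypair(g, p)   # server side
    return shared_key(B, a, p), shared_key(A, b, p)

def aes_key_from(shared, p):
    """Assumption: hash the shared number into 32 bytes for AES-256."""
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()

if __name__ == "__main__":
    p, g, a, b = 23, 5, 4, 3                       # values from the notes
    assert is_primitive_root(g, p)
    A, B = public_value(g, a, p), public_value(g, b, p)
    print("A =", A, "B =", B)
    print("shared:", shared_key(B, a, p), shared_key(A, b, p))
    for n in range(3):                             # new secrets every session
        print("session", n, "keys:", run_session(g, p))
```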