Diffie-Hellman Key Exchange Simulator

Visualize how two parties can establish a shared secret over an insecure channel using the Diffie-Hellman protocol. This educational tool breaks down the mathematics step by step.

Prime Number (p) and Generator (g)

These public values are shared openly. Security relies on the difficulty of the discrete logarithm problem.

Public Parameters

p = 17g = 3

Private Keys (Keep Secret!)

Alice's Private Key (a)

Bob's Private Key (b)

Security Note

This demonstration uses small prime numbers for educational purposes. Real Diffie-Hellman implementations use much larger primes (2048+ bits) to prevent brute-force attacks. Also, basic DH is vulnerable to man-in-the-middle attacks - always authenticate the other party in real applications!

How Diffie-Hellman Works

The Diffie-Hellman key exchange allows two parties to create a shared secret over an insecure channel. It was published by Whitfield Diffie and Martin Hellman in 1976 and is one of the foundations of modern cryptography.

The Math: Both parties agree on a prime p and generator g. Each picks a private number (a, b), computes their public value (g^a mod p, g^b mod p), and exchanges them. The magic: (g^b)^a mod p = (g^a)^b mod p = g^(ab) mod p. Both arrive at the same secret!

Why it's secure: An eavesdropper sees p, g, A, and B, but cannot easily compute the shared secret without knowing a or b. This is the discrete logarithm problem, which is computationally infeasible for large primes.

How It Works

This Diffie-Hellman simulator demonstrates how two parties can establish a shared secret over an insecure channel without ever transmitting the secret itself. It's the foundation of modern secure communications.

The key exchange process:

Agree on public parameters: Both parties use a large prime number (p) and a generator (g) - these can be public.
Generate private keys: Each party secretly chooses a random private key (a and b).
Calculate public keys: Each computes their public key: A = g^a mod p and B = g^b mod p.
Exchange public keys: They swap public keys over the insecure channel.
Derive shared secret: Each computes the shared secret: s = B^a mod p = A^b mod p.

The magic: even though an eavesdropper sees p, g, A, and B, they cannot feasibly compute the shared secret without knowing either private key (the discrete logarithm problem).

When You'd Actually Use This

Learning Cryptography Concepts

Understand how secure key exchange works without getting lost in complex math. Visual learning for students.

Teaching Network Security

Demonstrate to students or colleagues how HTTPS establishes secure connections before encrypting data.

Protocol Design Review

Verify your understanding of DH when reviewing or implementing secure communication protocols.

Security Audit Preparation

Refresh your knowledge of key exchange mechanisms before auditing systems that use DH or ECDH.

Explaining to Non-Technical Stakeholders

Show how two parties can share secrets without meeting beforehand - useful for business discussions.

Comparing Key Exchange Methods

Understand DH fundamentals before learning variants like ECDH (elliptic curve) or authenticated DH.

What to Know Before Using

Classic DH is vulnerable to man-in-the-middle attacks

Without authentication, an attacker can intercept and impersonate both parties. Real implementations use signatures or certificates to authenticate.

Prime size matters for security

Small primes (like under 1024 bits) can be broken with enough computing power. Modern systems use 2048+ bits or switch to elliptic curve DH.

The generator must be chosen carefully

Not all generators work with all primes. Poor choices can create small subgroups that leak information about private keys.

This is educational, not for production

Real implementations use carefully vetted libraries with proper random number generation, timing attack protections, and authenticated variants.

ECDH is more common in modern systems

Elliptic Curve Diffie-Hellman provides equivalent security with much smaller key sizes, making it faster and more efficient for mobile and IoT.

Common Questions

Why can't an eavesdropper just compute the shared secret from the public values?

They'd need to solve the discrete logarithm problem: given g, p, and A = g^a mod p, find a. For large primes (2048+ bits), this is computationally infeasible with current technology.

What's the difference between DH and ECDH?

ECDH uses elliptic curve mathematics instead of modular exponentiation. It provides equivalent security with much smaller keys (256-bit EC vs 3072-bit DH), making it faster and more efficient.

Is Diffie-Hellman used in HTTPS?

Yes! TLS uses DH or ECDH for key exchange in many cipher suites. When you see 'ECDHE' in a cipher suite name, that's Elliptic Curve Diffie-Hellman Ephemeral providing forward secrecy.

What is forward secrecy and why does DH provide it?

Forward secrecy means past communications stay secure even if long-term keys are compromised later. Ephemeral DH generates new key pairs for each session, so compromising one session doesn't affect others.

Can quantum computers break Diffie-Hellman?

Yes. Shor's algorithm can solve the discrete logarithm problem efficiently on a sufficiently powerful quantum computer. Post-quantum cryptography is being developed to address this threat.

What are 'safe primes' and why do they matter?

A safe prime p is where (p-1)/2 is also prime. Using safe primes prevents certain attacks that exploit small subgroups. Modern DH implementations carefully select primes to avoid these vulnerabilities.

Why do both parties end up with the same shared secret?

Mathematically: Alice computes B^a = (g^b)^a = g^(ab) mod p. Bob computes A^b = (g^a)^b = g^(ab) mod p. They're the same because multiplication is commutative: ab = ba.

Other Free Tools

Search tools