Diffie-Hellman (D-H) is a public key algorithm used for producing a shared secret key. It is described in RFC 2631 and Public Key Cryptography Standard (PKCS) #3. To share a secret key between two parties, both parties calculate the shared secret key using their own private key and the other party's public key. The Diffie-Hellman method works best if p = 2q+1 where q is also a prime. (For example, 5 and 11 are prime and 11 = 2 x 5 + 1.) Then half the integers 1,2.,p-1 are generators, and it is possible to check whether g is a. String Hash Calculator String HMAC Calculator One-Time Password Calculator. Base64 Converter Bitcoin Address Generator. Diffie-Hellman Key Exchange. Diffie-Hellman key exchange allows two parties to generate a shared secret over an insecure channel. Recall the mathematics of Diffie-Hellman: Given public. Stack Exchange Network. Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Dirty Diffie-Hellman
(Like dirty Santa, but geekier)

Crappy PHP script for a simple Diffie-Hellman key exchange calculator. I guess I could have used Javascript instead of PHP, but I had rounding errors.
Hi all, the point of this game is to meet new people, and to learn about the Diffie-Hellman key exchange. Did you ever wonder how two parties can negotiate a cryptographic key in the presence of an observer, without the observer figuring out the key? My guess is not, but bear with me. This will be a simplified version of the Diffie-Hellman key exchange (in real life, better constants and larger variables should be chosen) , in the form of a game. Enter as many times as you like.
Fixed numbers: g=10, p=541
Contestant steps:
1. Find someone you do not know, and introduce yourself.
2. One of you is Alice (a), and one is Bob (b). If genders don't match that's ok, one of you can be Alan and the other Barb for all I care.
3. Both of you choose a number between 1 and 100, but don't tell the other person this number.
4. Alice, compute A = g^a mod p = 10^a mod 541.
Bob, compute B = g^b mod p = 10^b mod 541.
Feel free to rip out your calculator or smart phone, or just use this calculator:
http://www.irongeek.com/diffie-hellman.php
5. Alice and Bob, exchange A and B verbally in the presences of Carl (Or as Chux0r points out, perhaps Christmas 'Eve').
6. Alice, compute SecretKeyA = B^a mod p = B^a mod 541. Notice the superscript is the lower case variable you chose.
Bob, compute SecretKeyB = A^b mod p = A^b mod 541. Notice the superscript is the lower case variable you chose.
7. If you did it right, SecretKeyA should be the same as SecretKeyB. Write your names, the A and B values, and the shared SecretKey outcome on a piece of paper and turn it in for the drawing.
Drawing:
The officiator will draw a piece of paper and announce the two people, the values of their A and B, and then wait 20 sec. If someone else can announce Alice and Bob's shared SecretKey in the 20 secs, they win instead.

15 most recent posts on Irongeek.com:

Diffie-Hellman key agreement protocol uses modular exponentiation and calls for use of special prime numbers. If you ever wondered why, I’ll try to explain.

Diffie-Hellman key agreement

Diffie Hellman Key Exchange Calculator

The “classical” Diffie-Hellman key exchange also known as Finite Field Diffie-Hellman uses one type of operation — modular exponentiation — and two secrets for two communication peers to arrive at a single shared secret.

The protocol requires a prime number and a number that is a so-called “generator” number to be known to both peers. This is usually achieved by either the server sending those values to the client (e.g. in TLS before v1.3 or in some SSH key exchange types) or by distributing them ahead of time to the peers (e.g. in IPSec and TLS 1.3).

When both peers know which parameters to use, they generate a random number, perform modular exponentiation with this random number, group generator and prime and send the result to the other party as a “key share”. That other party takes this key share and uses it as the generator to perform modular exponentiation again. The result of that second operation is the agreed key share.

If we define as the generator, as the prime, as the server selected random, as the server key share, as the client selected random and as the client key share, and being the agreed upon secret, the server performs following operations:

Diffie-hellman Key Exchange Calculator

Client performs following operation:

Because both parties agree on the same .

Unfortunately both peers need to operate on a value provided by the other party (not necessarily trusted or authenticated) and their secret value at the same time. This calls for the the prime number used to have some special properties.

Modular exponentiation

The basic operation we’ll be dealing with is modular exponentiation. The simple way to explain it is that we take a number, raise it to some power. Then we take that result and divide it by a third number. The remainder of that division is our result.

For 2^10 mod 12, the calculation will go as follows, first exponentiation:

Then division:

So the result is 4.

One of the interesting properties of modular exponentiation, is that it is cyclic. If we take a base number and start raising it to higher and higher powers, we will be getting the same numbers in the same order:

This comes from the fact that in modulo arithmetic, for addition, subtraction, multiplication and exponentiation, the order in which the modulo operations are made does not matter; a + b mod c is equal to (a mod c + b mod c) mod c. Thus if we try to calculate the example for 3^17 mod 14 we can write it down as ((3^6 mod 14) * (3^6 mod 14) * (3^5 mod 14)) mod 14. Then the calculation is reduced to 1 * 1 * 3^5 mod 14.

The inverse of modular exponentiation is discrete logarithm, in which for a given base and modulus, we look for exponent that will result in given number:

Where g, m and n are given, we’re looking for x.

Because there are no fast algorithms for calculating discrete logarithm, is one of the reasons we can use modulo exponentiation as the base of Diffie-Hellman algorithm.

Cyclic groups

Let’s see what happens if we start calculating results of modular exponentiation for 14 with different bases:

Neither of the numbers can generate all of the numbers that are smaller than the integer we calculate the modulo operation with. In other words, there is no generator (in number theoretic sense) that generates the whole group.

To find such numbers, we need to start looking at prime numbers.

Cyclic groups modulo prime

Let’s see what happens for 13:

The obvious result is that we now have 4 generators — 2, 6, 7 and 11 generate the whole group.

But there is other result hiding. Let’s see the results for 19, but with sizes of those groups shown:

Note that all the sizes of those groups are factors of 18 – that is p-1.

The third observation we can draw from those results is that, for any number the size of the group of the generated elements will be at most as large as the size of the base number.

Ecc Diffie Hellman Calculator

With 19, if we take generator 8, the size of its subgroup is 6. But size of subgroups of 7, 18, 11 and 12 is respectively 3, 2, 3 and 6.

Diffie Hellman Calculate Secret Key

Thus, not only is the subgroup much smaller than the full group, it is also impossible to “escape” from it.

Safe primes

Diffie Hellman Calculate

We saw that for primes, some bases are better than others (look into finite fields to learn more).

As we noticed, sizes of all groups are factors of the prime less one (see Fermat’s little theorem for proof of this). Of course, with the exception of 2, all primes are odd numbers, so p-1 will always be divisible by two – it will be a composite number. But q = (p-1)/2 doesn’t have to be composite. Indeed, we call primes for which q is also prime safe primes.

Diffie-hellman Calculator

Let’s see what happens if we calculate groups of such a prime:

The groups look very different to the ones we saw previously, with the exception of bases 0, 1 and p-1, all groups are relatively large – 11 or 22 elements.

One interesting observation we can make about bases that have group order of 2q, is that even exponents will remain in a group of size 2q while odd will move to a group with order of q. Thus we can say that use of generator that is part of group order of 2q will leak the least significant bit of the exponent.

That’s why protecting against small subgroup attacks with safe primes is so easy, it requires comparing the peer’s key share against just 3 numbers. It’s also the reason why it’s impossible to “backdoor” the parameters (prime and generator), as every generator is a good generator.