Unlike RSA, where you can send messages of your choice, the DHKE is used to generate a secret number shared between Alice and Bob. This shared secret is then used as the key for a symmetric cryptosystem like AES.
A large prime
and a generator
are made public.
Alice and Bob choose their secret integers
respectively. They then compute the following:
are exchanged between Alice and Bob over a public channel. Once the other person's number is received, they then put it to the power of their secret integer, i.e. Alice computes
and Bob computes
, both modulo
. Note that:
This means that once they do this, they are in possession of the same number, which they can then use as a shared secret.
The safety of the Diffie-Hellman Key Exchange is grounded on he difficulty of solving the discrete logarithm problem - the difficulty of computing
You can see this in Overview presented above - the values
are sent over a public channel, but because we cannot solve the DLP efficiently an attacker is unable to retrieve
. We say that the DLP is DHKE's trapdoor function.
As you may expect from here, many attacks on Diffie-Hellman rely on situations in which you can efficiently compute the discrete logarithm.