Diffie-Hellman Key Exchange
Two parties agree on a shared secret over a public channel. An eavesdropper sees everything and learns nothing.
What just happened?
Alice and Bob agreed on a secret number without ever sending it. Eve saw everything on the wire — the prime, the generator, both public keys — and still can't figure out the shared secret. That's Diffie-Hellman.
The color mixing analogy
Mixing paint is easy. Unmixing it is hard. That one-way property is what makes this work. Alice and Bob start with a common color (the public parameters), each mix in their own private color, exchange the mixtures, then mix in their private color again. They both end up with the same final color — but Eve, who only saw the mixtures, can't separate them back out.
In the real protocol, "mixing" is modular exponentiation — easy to compute, but reversing it (the discrete logarithm problem) is computationally infeasible for large numbers.
Why small numbers are misleading
With p=23, Eve could brute-force the answer by trying all possible private keys in microseconds. Real Diffie-Hellman uses 2048-bit primes — numbers with 600+ digits. At that scale, the discrete log problem would take longer than the age of the universe to solve with current computers. The small numbers here are just to make each step visible.
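As an added example (not code from the original page), here is the exchange above written out in Python, together with the brute-force search that small parameters leave open to Eve. The prime p = 23 is the page's; the generator g = 5 and the private keys 6 and 15 are assumed values chosen for illustration.

```python
"""Toy Diffie-Hellman with p = 23 and the brute-force attack small parameters permit.
Constructed example: g = 5 and the private exponents are assumptions, not page values."""
from typing import Optional

P = 23  # public prime from the page
G = 5   # assumed public generator; 5 has order 22 modulo 23, so it generates the whole group


def public_key(private: int, g: int = G, p: int = P) -> int:
    """The 'mixing' step: g^private mod p. Easy to compute, hard to reverse."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Mix my private exponent into their public value: (g^b)^a == (g^a)^b mod p."""
    return pow(their_public, my_private, p)


def brute_force_discrete_log(target: int, g: int = G, p: int = P) -> Optional[int]:
    """Eve's only move: try every exponent until g^x mod p == target.
    Cost grows with p, so this is instant for p = 23 and hopeless for a 2048-bit p."""
    for x in range(p - 1):
        if pow(g, x, p) == target:
            return x
    return None


def eve_recovers_secret(alice_public: int, bob_public: int,
                        g: int = G, p: int = P) -> Optional[int]:
    """What an eavesdropper can do with only what was on the wire: p, g, A and B."""
    a = brute_force_discrete_log(alice_public, g, p)
    if a is None:
        return None
    return pow(bob_public, a, p)


def run_exchange(a: int = 6, b: int = 15) -> dict:
    """Walk through one exchange with assumed private keys a (Alice) and b (Bob)."""
    A = public_key(a)             # Alice sends A = g^a mod p
    B = public_key(b)             # Bob sends B = g^b mod p
    k_alice = shared_secret(B, a)  # Alice computes B^a
    k_bob = shared_secret(A, b)    # Bob computes A^b
    assert k_alice == k_bob        # both sides hold the same number
    return {"A": A, "B": B, "shared": k_alice, "eve": eve_recovers_secret(A, B)}


if __name__ == "__main__":
    print(run_exchange())  # with p = 23 Eve recovers the shared secret too
```

Swap P for a 2048-bit prime and the three honest functions still return instantly, while brute_force_discrete_log never finishes; that gap is the whole security argument.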
Where this shows up
TLS (every HTTPS connection), SSH, VPNs, the Signal protocol. Every time you see the lock icon in your browser, a Diffie-Hellman key exchange is running underneath. The flavor most commonly used today is Elliptic Curve Diffie-Hellman (ECDH), which achieves equivalent security with much smaller keys.