Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Diffie–Hellman key exchange
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Method of exchanging cryptographic keys}} [[File:DiffieHellman.png|409x409px|thumb|right|With Diffie–Hellman key exchange, two parties arrive at a common secret key, without passing the common secret key across the public channel.]] '''Diffie–Hellman''' ('''DH''') '''key exchange'''<ref group="nb">Synonyms of Diffie–Hellman key exchange include: * Diffie–Hellman–Merkle key exchange * Diffie–Hellman key agreement * Diffie–Hellman key establishment * Diffie–Hellman key negotiation * Exponential key exchange * Diffie–Hellman protocol * Diffie–Hellman handshake</ref> is a mathematical [[Key-agreement protocol|method]] of securely generating a symmetric [[cryptographic key]] over a public channel and was one of the first [[public-key cryptography|public-key protocols]] as conceived by [[Ralph Merkle]] and named after [[Whitfield Diffie]] and [[Martin Hellman]].<ref name="Merkle 1978">{{cite journal|last1=Merkle|first1=Ralph C.|date=April 1978|title=Secure Communications Over Insecure Channels|journal=[[Communications of the ACM]]|volume=21|issue=4|pages=294–299|doi=10.1145/359460.359473|quote=Received August, 1975; revised September 1977|citeseerx=10.1.1.364.5157|s2cid=6967714}}</ref><ref name="Diffie 1976" /> DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted [[courier]]. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a [[shared secret]] key over an [[insecure channel]]. This key can then be used to encrypt subsequent communications using a [[symmetric-key algorithm|symmetric-key]] [[cipher]]. Diffie–Hellman is used to secure a variety of [[Internet]] services. However, research published in October 2015 suggests that the parameters in use for many DH Internet applications at that time are not strong enough to prevent compromise by very well-funded attackers, such as the security services of some countries.<ref name=imperfectfs/> The scheme was published by Whitfield Diffie and Martin Hellman in 1976,<ref name="Diffie 1976">{{cite journal|last1=Diffie|first1=Whitfield|last2=Hellman|first2=Martin E.|author-link2=Martin Hellman|date=November 1976|title=New Directions in Cryptography|url=http://ee.stanford.edu/%7Ehellman/publications/24.pdf|url-status=live|journal=[[IEEE Transactions on Information Theory]]|volume=22|issue=6|pages=644–654|doi=10.1109/TIT.1976.1055638|archive-url=https://web.archive.org/web/20141129035850/https://ee.stanford.edu/%7Ehellman/publications/24.pdf|archive-date=2014-11-29|author-link1=Whitfield Diffie|citeseerx=10.1.1.37.9720}}</ref> but in 1997 it was revealed that [[James H. Ellis]],<ref>{{cite web|url=http://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf|title=The possibility of Non-Secret digital encryption|last1=Ellis|first1=J. H.|author-link=James H. Ellis|date=January 1970|work=CESG Research Report|archive-url=https://web.archive.org/web/20141030210530/https://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf|archive-date=2014-10-30|url-status=dead|access-date=2015-08-28}}</ref> [[Clifford Cocks]], and [[Malcolm J. Williamson]] of [[Government Communications Headquarters|GCHQ]], the British signals intelligence agency, had previously shown in 1969<ref>{{cite web|url=https://www.gchq.gov.uk/sites/default/files/document_files/CESG_Research_Report_No_3006_0.pdf|title=The Possibility of Secure Secret Digital Encryption|archive-url=https://web.archive.org/web/20170216051636/https://www.gchq.gov.uk/sites/default/files/document_files/CESG_Research_Report_No_3006_0.pdf|archive-date=2017-02-16|url-status=live|access-date=2017-07-08}}</ref> how public-key cryptography could be achieved.<ref>{{cite news|url=https://www.bbc.co.uk/news/uk-england-gloucestershire-11475101|title=GCHQ trio recognised for key to secure shopping online|date=5 October 2010|work=[[BBC News]]|access-date=5 August 2014|archive-url=https://web.archive.org/web/20140810044800/http://www.bbc.co.uk/news/uk-england-gloucestershire-11475101|archive-date=10 August 2014|url-status=live}}</ref> Although Diffie–Hellman key exchange itself is a non-authenticated [[key-agreement protocol]], it provides the basis for a variety of authenticated protocols, and is used to provide [[forward secrecy]] in [[Transport Layer Security]]'s [[ephemeral key|ephemeral]] modes (referred to as EDH or DHE depending on the [[cipher suite]]). The method was followed shortly afterwards by [[RSA (algorithm)|RSA]], an implementation of public-key cryptography using asymmetric algorithms. Expired US patent 4200770<ref>{{US patent reference|number=4200770}}</ref> from 1977 describes the now [[public domain|public-domain]] algorithm. It credits Hellman, Diffie, and Merkle as inventors.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)