Diffie-Hellman key exchange

The Diffie-Hellman key exchange protocol is a way for two parties to establish a shared secret key over an insecure communication channel. The protocol has two parameters, p and g, which are both public. Parameter p is a prime number, while the generator g is a primitive root modulo p.

When the two parties, say Alice (the client) and Bob (the server), want to establish a secure key, Alice first generates p and g and sends them to Bob. Alice then generates a random private value a and Bob generates a random private value b. Each of them computes a public value from their own private value, the prime p and the generator g: Alice gets A = g^a mod p and Bob gets B = g^b mod p. These public values are exchanged and then used to compute the shared key: Alice computes k = B^a mod p and Bob computes k = A^b mod p. Since B^a = g^(ba) and A^b = g^(ab) are the same number modulo p, both arrive at the same value k, which is the secure key.

When the prime p and the private values a and b are large, the number of possible values of k consistent with the public values is so large that the method is secure: an eavesdropper who sees only p, g, A and B would have to recover a or b from them, which is the discrete logarithm problem. Note that the generator g does not need to be large at all.
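The exchange described above, carried through in Python as an added example (not code from the original page): it checks that g is a primitive root of p, derives A, B and both sides' k, and also shows what an eavesdropper holding only p, g and A would have to solve. The toy parameters p = 23 and g = 5 and the private values a = 6 and b = 15 are constructed for illustration and are far too small for real use; the function names are my own.

```python
"""Added example: a complete textbook Diffie-Hellman exchange on a toy prime.
Not code from the page; p = 23 and g = 5 are illustration-only parameters."""
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors of n by trial division (fine for toy-sized n)."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g: int, p: int) -> bool:
    """True if g generates the whole multiplicative group modulo the prime p,
    i.e. its order is p - 1: g^((p-1)/q) != 1 for every prime factor q of p - 1."""
    if not 1 < g < p:
        return False
    n = p - 1
    return all(pow(g, n // q, p) != 1 for q in prime_factors(n))


def public_value(g: int, priv: int, p: int) -> int:
    """Alice's A = g^a mod p (or Bob's B = g^b mod p)."""
    return pow(g, priv, p)


def shared_key(peer_pub: int, priv: int, p: int) -> int:
    """Alice's k = B^a mod p (or Bob's k = A^b mod p)."""
    return pow(peer_pub, priv, p)


def run_exchange(p: int, g: int, a: int = None, b: int = None) -> tuple:
    """Run one full exchange. Private values default to random picks in 2..p-2.
    Returns (A, B, k_alice, k_bob); the last two must be equal."""
    if not is_primitive_root(g, p):
        raise ValueError(f"{g} is not a primitive root of {p}")
    a = a if a is not None else 2 + secrets.randbelow(p - 3)
    b = b if b is not None else 2 + secrets.randbelow(p - 3)
    A = public_value(g, a, p)        # sent Alice -> Bob, visible on the wire
    B = public_value(g, b, p)        # sent Bob -> Alice, visible on the wire
    k_alice = shared_key(B, a, p)    # B^a = g^(ba) mod p
    k_bob = shared_key(A, b, p)      # A^b = g^(ab) mod p
    return A, B, k_alice, k_bob


def discrete_log_by_search(g: int, A: int, p: int) -> int:
    """What an eavesdropper holding p, g and A must solve: find a with g^a = A mod p.
    Trying every exponent is instant for p = 23 and hopeless for the 2048-bit
    primes used in practice, which is why p (not g) has to be large."""
    x = 1
    for a in range(1, p):
        x = (x * g) % p
        if x == A:
            return a
    raise ValueError("A is not in the group generated by g")


if __name__ == "__main__":
    P, G = 23, 5                      # toy parameters, illustration only
    A, B, k1, k2 = run_exchange(P, G, a=6, b=15)
    print(f"A={A} B={B} k_alice={k1} k_bob={k2}")      # A=8 B=19 k_alice=2 k_bob=2
    print("a recovered by search:", discrete_log_by_search(G, A, P))  # 6
```

Two things the toy hides that matter in deployment: the raw k is normally fed through a key derivation function rather than used directly as a cipher key, and the exchange as written is unauthenticated, so A and B are signed or otherwise tied to an identity in real protocols to stop an active attacker from substituting their own public values.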