End-to-end encryption involves the application of encryption to messages on a device, such that only the recipient’s device can decrypt it.
When it comes to end-to-end encryption, the assumption is that we have some kind of asymmetric key that we can use to talk privately. So you and I have some sort of secret key and we use that to talk securely. Diffie-Hellman is how we get that secret key.
The Diffie-Hellman algorithm was first published in 1976, and it has become a staple for any kind of cryptography. Whenever we use cryptography, we usually need to have a symmetric key, and to get that, we have to perform some kind of Diffie-Hellman.
It is so prevalent that your phone is probably doing it right now. When you logged on to the browser to read this article, you performed a Diffie-Hellman key exchange.
When you open up your phone and connect to any server, it will most certainly perform a Diffie-Hellman key exchange. Its importance cannot be overestimated.
The problem with Diffie-Hellman is its mathematical complications. But that will be broken down into pieces in this article.
The Diffie-Hellman algorithm key exchange method allows parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can be used to encrypt subsequent communications using a symmetric key cipher. It is one of the most important key exchange algorithms and is widely used to secure a variety of internet services.
Although the Diffie-Hellman algorithm (DH) key agreement itself is a non authenticated key agreement protocol, it provides the basis of a variety of authenticated protocols and is used to provide forward secrecy in transport layer security. The method was followed shortly afterwards by RSA, an implementation of public key cryptography using asymmetric algorithms.
The simplest and original implementation of the DH algorithm uses a multiplicative group of integers called modulo
. Now, the foremost step is to assume a prime number so let’s call it Q
.
The second step is to select
alpha
, such that alpha must be a primitive root of the chosen prime and alpha should always be less than Q (alpha < Q)
.
Now, the next step is to find the public and private keys of the sender and the receiver. So, the first step is to assume the private key of user A, given as Pa
. We have to ensure that it is less than the prime, Q
. Now, we go ahead to calculate the public key Ya
which we will find with the formula: Ya = alpha ^ Pa mod Q
.
Similarly, the above step is done for user B
. Now, we go ahead and calculate the public key of user B which we will find with the formula, Yb = alpha ^ Pb mod Q
.
So, after following these steps, what user A has is their private and public key {Pa, Ya}
and user B also has {Pb, Yb}
.
After this, the only step left is the key generation. Now, the keys are generated at both the senders’ and the receiver side. So, let’s look at the information that is available on the sender, A
, side. So, the sender has won their private key, and sent B
's public key, which is easily available on the network, and the prime number Q
that we have selected. Basically, the sender’s key, Ka
is generated by the formula:
Yb^Pa mod Q
.
Similarly, the receiver, B
, has their private key (Pb)
, A
's public key (Ya)
and the prime Q
. Hence Kb
is calculated by the formula:
Ya^Pb mod Q
.
Upon calculating the key, Ka
and Kb
on both sides, we see that both are equal.