Diffie-Hellman Method For Key Agreement

(translated into English by Benjamin Levy)

The "Diffie-Hellman Method For Key Agreement" allows two hosts to create and share a secret key.

1) First the hosts must get the "Diffie-Hellman parameters". A prime number, 'p' (larger than 2) and "base", 'g', an integer that is smaller than 'p'. They can either be hard coded or fetched from a server.

2) The hosts each secretly generate a private number called 'x', which is less than "p - 1".

3) The hosts next generate the public keys, 'y'. They are created with the function:

	y = g^x % p

4) The two host now exchange the public keys ('y') and the exchanged numbers are converted into a secret key, 'z'.

	z = y^x % p

'z' can now be used as the key for whatever encryption method is used to transfer information between the two hosts. Mathematically, the two hosts should have generated the same value for 'z'.

	z = (g^x % p)^x' % p = (g^x' % p)^x % p

	All of these numbers are positve integers

	x^y	means: x is raised to the y power
	x%y	means: x is divided by y and the remainder is
			returned 

Based upon "RSA Data Security, Inc. Public-Key Cryptography Standards (PKCS)" #3: Diffie-Hellman Key Agreement Standard. Which is based upon W. Diffie and M.E. Hellman's New directions in cryptography from IEEE transactions on Information Theory, IT 22:644-654, 1976.

PKCS-3 is available for anonymous FTP from ftp://ftp.rsa.com/ in /pub/pkcs/ps/pkcs-3.ps (or /pub/pkcs/ascii/pkcs-3.asc).

The Diffie-Hellman Key Agreement patent ( U.S. Patent 4,200,770) was owned by Public Key Partners. It expired (9/6/1997).


Copyright (c) 1997 Benjamin Levy. Permission to use this article for non-commercial work is freely granted, provided I'm credited.