# Diffie–Hellman key exchange

Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.

Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric-key cipher.

Diffie–Hellman is used to secure a variety of Internet services. However, research published in October 2015 suggests that the parameters in use for many DH Internet applications at that time are not strong enough to prevent compromise by very well-funded attackers, such as the security services of some countries.

Although Diffie–Hellman key agreement itself is a non-authenticated key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).

The method was followed shortly afterwards by RSA, an implementation of public-key cryptography using asymmetric algorithms.

## Implementation in Python ##

1. We need to agree on two values: g and p. The first, g, is a random number. The second is the key-space, this is, how large the public key will be. For the purpose of this exercise, we will use p=1024.
To generate g, we will use a Linear Congruential Generator, as explained in class.

In [33]:
import random
import math

# Parameters and Variables

length = 10
val = 0
key = ['']*length
i=0

# This, implements the LCG
def LCG(s,sz):
    val = ((1103515245*s+12345)%2**31)%sz
    return val

2. Now we need functions to generate a prime number around some targeted value. 
The first function **isPrime()** returns a boolean, True if the number passed as parameter is prime, False if it is not. 
The second function **findPrime()** below generates 100 numbers starting on the target and test which one is prime. If so, returns the one that it is, else, returns 0.

In [34]:
def isPrime(num):
    prime = True
    i = 1
    for n in range(2,num-1):
        if num % n == 0:
            prime = False
    return prime

def findPrime(target):
    for n in range(target,target+1000):
        if(isPrime(n)):
            return n
    return n

3. Now, lets generate random numbers using LCG and pick one randomly. That will be "g".

In [35]:
seed = 76 # This is a random number used to generate the sequence
size = 1024 
for v in key:
    key[i] = LCG(seed,size)
    # print(key[i],end=' ')
    seed = seed + 1
    i = i + 1
g = key[random.randint(0,length)] #g is a random selection of an element within the 
                                  # list of pseudo-random values from the LCG.
                                  #g is different every time we run this notbeook.

4. We have agreed p = 1024

In [36]:
p = 1000
print("p= ",p," and g= ",g) 

p=  1000  and g=  585


5. Now we need two 'large' prime numbers, a and b

In [37]:
# We use findPrime(target) where target is the number around which we want to find a prime one
a = findPrime(100000)
b = findPrime(20000)
print("a= ",a," and b= ",b) 

a=  100003  and b=  20011


6. Now, we can generate a public keys for Alice and Bob:

In [38]:
apk = pow(g,a)%p
bpk = pow(g,b)%p
apkb = bin(apk)
bpkb = bin(bpk)
print("Alice's public key is = ",apk, "In binary will be = ", apkb)
print("Bob's public key = ",bpk, "In binary will be = ", bpkb)
#You can print the binary versions 

Alice's public key is =  625 In binary will be =  0b1001110001
Bob's public key =  625 In binary will be =  0b1001110001


7. Alice can take Bob's public key and get the encryption key:

In [39]:
decKeyA = pow(bpk,a)%p
decKeyB = pow(apk,b)%p

In [40]:
print("Alice got -> ",decKeyA, "(",bin(decKeyA),") and Bob got ->",decKeyB, "(", bin(decKeyB),")")

Alice got ->  625 ( 0b1001110001 ) and Bob got -> 625 ( 0b1001110001 )


They can use these keys to encrypt-decrypt communications between them. 
Eve, in the other hand, knows Alice's and Bob's public keys, but because doesn't know a or b, can't get the private key. 