# Alice, Bob & Eve: Diffie, Hellman and Merkle

In today's episode we will use another kind of asymmetric cryptography for securely exchanging messages between Alice and Bob, so Eve could not eavesdrop them. This time we will use algorithm called Diffie-Hellman-Merkle (DHM) or just Diffie-Hellman (DH, D-H). 

This is not encryption method. It's key exchange method. We can use DHM for Alice and Bob to directly get the secret, usable as AES key. Specifically, we will use the `ECDiffieHellman` class, which implements this algorithm over elliptic curves to make it even more secure.

## Alice

First step is that Alice generates her own private and public keys using ECDH:

In [1]:
using System.Security.Cryptography;

// Let Alice generate her ECDH key pair
var alice = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
var alicePrivateKey = alice.ExportPkcs8PrivateKeyPem();
var alicePublicKey = alice.ExportSubjectPublicKeyInfoPem();

// Print Alice's keys
Console.WriteLine("Alice's Private Key:");
Console.WriteLine(alicePrivateKey);
Console.WriteLine();
Console.WriteLine("Alice's Public Key:");
Console.WriteLine(alicePublicKey);

Alice's Private Key:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg7nMVuHAboBUVvvTy
Y1O+dj3oxse9HImlE5NeLtWL5dehRANCAASaiSpL6ia/6rfFJu7E71mYgBwGSD7o
FOuqHGzfPBv0/3hthaPpKJlsaoGMjDxL1T02wKV/nBh17B3UpmIk0VTB
-----END PRIVATE KEY-----

Alice's Public Key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmokqS+omv+q3xSbuxO9ZmIAcBkg+
6BTrqhxs3zwb9P94bYWj6SiZbGqBjIw8S9U9NsClf5wYdewd1KZiJNFUwQ==
-----END PUBLIC KEY-----


After doing this, Alice will send her public key to Bob using open channel.

## Bob 

Bob will do exactly the same, using the same code:

In [2]:
// Let Bob generate his ECDH key pair
var bob = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
var bobPrivateKey = bob.ExportPkcs8PrivateKeyPem();
var bobPublicKey = bob.ExportSubjectPublicKeyInfoPem();

// Print Bob's keys
Console.WriteLine("Bob's Private Key:");
Console.WriteLine(bobPrivateKey);
Console.WriteLine();
Console.WriteLine("Bob's Public Key:");
Console.WriteLine(bobPublicKey);

Bob's Private Key:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA8Sz8bvWstp9tlde
8leMVcdnxiLRxE0p278QB6xWx1ihRANCAATtt7T67r+CIDoS9B0M2T8YTsk0FyO6
UWT3nSY/8RiyuarvERUFn0wcxW0iYYvkuJaT9ds+mHy3XgySY8UAIIrN
-----END PRIVATE KEY-----

Bob's Public Key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7be0+u6/giA6EvQdDNk/GE7JNBcj
ulFk950mP/EYsrmq7xEVBZ9MHMVtImGL5LiWk/XbPph8t14MkmPFACCKzQ==
-----END PUBLIC KEY-----


Bob will also send his public key to Alice using open channel.

## Alice

Alice will create another instance of the `ECDiffieHellman`, using Bob's public key. Then she'll use her original instance (with private key) to derive shared key material:

In [6]:
// Create instance of ECDiffieHellman from Bob's public key
var bobEcdhPublic = ECDiffieHellman.Create();
bobEcdhPublic.ImportFromPem(bobPublicKey);

// Alice derives the shared secret using Bob's public key
var aliceSharedSecret = alice.DeriveKeyFromHash(bobEcdhPublic.PublicKey, HashAlgorithmName.SHA256);
Console.WriteLine($"Alice's Derived Shared Secret: {Convert.ToBase64String(aliceSharedSecret)} ({aliceSharedSecret.Length * 8} bits)");

Alice's Derived Shared Secret: 1vxLGEWb3qkb41Nb6Q85RnLc+6G/8lAGAtNgoiG8ZS8= (256 bits)


## Bob

Bob will mirror her action and will end with exactly the same derived shared secret:

In [8]:
// Create instance of ECDiffieHellman from Alice's public key
var aliceEcdhPublic = ECDiffieHellman.Create();
aliceEcdhPublic.ImportFromPem(alicePublicKey);

// Bob derives the shared secret using Alice's public key
var bobSharedSecret = bob.DeriveKeyFromHash(aliceEcdhPublic.PublicKey, HashAlgorithmName.SHA256);
Console.WriteLine($"Bob's Derived Shared Secret:   {Convert.ToBase64String(bobSharedSecret)} ({bobSharedSecret.Length * 8} bits)");
Console.WriteLine($"Alice's Derived Shared Secret: {Convert.ToBase64String(aliceSharedSecret)} ({aliceSharedSecret.Length * 8} bits) for reference");

Bob's Derived Shared Secret:   1vxLGEWb3qkb41Nb6Q85RnLc+6G/8lAGAtNgoiG8ZS8= (256 bits)
Alice's Derived Shared Secret: 1vxLGEWb3qkb41Nb6Q85RnLc+6G/8lAGAtNgoiG8ZS8= (256 bits) for reference


As you can see, while exchanging only public keys, both sides of communication derived the same secret, which can be then used for AES GCM encryption, as in the previous example.

## DHM explanation

How it's possible? There is [pretty complex math](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) involved I won't bore you with. In layman terms, the following paint mixing diagram explains the concept nicely:

![image.png](attachment:image.png)

