# Diffie-Hellman Key Exchange

State of the art ciphers use keys to encrypt and decrypt messages. The key is a number which is agreed upon before the parties exchange their messages. Only knowledge of the chosen key allows to decrypt the encrypted messages. Therefore, it is crucial that the key is kept secret at all moments. This begs the question: **how can two parties agree on a secret key when they must fear that all their communication is intercepted?**

In [167]:
def encryptKey(privateKey, publicKey1, publicKey2):
    return (publicKey1 ** privateKey) % publicKey2

In [168]:
def computeCommonKey(privateKey, encryptedKey, publicKey2):
    return encryptedKey ** privateKey % publicKey2

We assume that two parties, Alice and Bob, want to find a common key.

First, Alice and Bob choose two keys. This may happen publicly, since those keys are distinct from the key that is generated in the end.

In [169]:
public1 = 6
public2 = 761

Now, Alice and Bob, choose one private key each.

In [170]:
alicePrivate = 630
bobPrivate = 694

Those keys are to be kept secret at all time: only Alice knows her key, and only Bob knows his key.
So, Alice and Bob encrpyt their respective keys, before they sent it to each other.

In [171]:
aliceEncrypted = encryptKey(alicePrivate, public1, public2)
bobEncrypted = encryptKey(bobPrivate, public1, public2)
print('Alice private key:', alicePrivate, '-> encrypted:', aliceEncrypted)
print('Bob private key:', bobPrivate, '-> encrypted:', bobEncrypted)

Alice private key: 630 -> encrypted: 716
Bob private key: 694 -> encrypted: 144


Finally, the common key is defined to be:

In [172]:
commonKey = public1 ** (alicePrivate * bobPrivate) % public2
print('common key:', commonKey)

common key: 207


But Alice and Bob don't know each other's private Key, only its encrypted version. However, this is enough to compute the common key.

In [173]:
commonKey_Alice = computeCommonKey(alicePrivate, bobEncrypted, public2)
print('Alice computes the common key:', commonKey_Alice)
commonKey_Bob = computeCommonKey(bobPrivate, aliceEncrypted, public2)
print('Bob computes the common key:', commonKey_Bob)

Alice computes the common key: 207
Bob computes the common key: 207


## Attacks

An attacker might try to commpute the common key by decoding either Alice's of Bob's private key. Let's try to find Alice's private key by trying all possiblities.

In [174]:
def decryptKey(encryptedKey, publicKey1, publicKey2):
    for possibleKey in range(0, public2 - 1):
        if encryptKey(possibleKey, publicKey1, publicKey2) == encryptedKey:
            return possibleKey

In [175]:
aliceDecrypted = decryptKey(aliceEncrypted, public1, public2)
print('Alice private key has been hacked:', aliceDecrypted)

Alice private key has been hacked: 630


## Security

In our example, it was easy for an attacker to decrypt Alice's private key by trying every possibility. This is why in practice the public keys and private keys are chosen to be much longer: at least 2048 bits is recommended!

There is one more thing to be considered when choosing the public keys. Let's assume for a moment that we had taken a bad choice for $\mathrm{public1}$.

In [176]:
public1 = 1

This would be a serious security risk, because the common key would be $1$ no matter what Alice's and Bob's private keys are.

In [177]:
for i in range(0, public2 - 1):
    print(public1 ** i % public2)

1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1


The public keys in our example are better, because the common key can actually attain any value from $1$ to $\mathrm{public2} - 1$.

In [178]:
public1 = 6
for i in range(0, public2 - 1):
    print(public1 ** i % public2)

1
6
36
216
535
166
235
649
89
534
160
199
433
315
368
686
311
344
542
208
487
639
29
174
283
176
295
248
727
557
298
266
74
444
381
3
18
108
648
83
498
705
425
267
80
480
597
538
184
343
536
172
271
104
624
700
395
87
522
88
528
124
744
659
149
133
37
222
571
382
9
54
324
422
249
733
593
514
40
240
679
269
92
552
268
86
516
52
312
350
578
424
261
44
264
62
372
710
455
447
399
111
666
191
385
27
162
211
505
747
677
257
20
120
720
515
46
276
134
43
258
26
156
175
289
212
511
22
132
31
186
355
608
604
580
436
333
476
573
394
81
486
633
754
719
509
10
60
360
638
23
138
67
402
129
13
78
468
525
106
636
11
66
396
93
558
304
302
290
218
547
238
667
197
421
243
697
377
740
635
5
30
180
319
392
69
414
201
445
387
39
234
643
53
318
386
33
198
427
279
152
151
145
109
654
119
714
479
591
502
729
569
370
698
383
15
90
540
196
415
207
481
603
574
400
117
702
407
159
193
397
99
594
520
76
456
453
435
327
440
357
620
676
251
745
665
185
349
572
388
45
270
98
588
484
621
682
287
200
439
351
584
460
477

Mathematicians say that $6$ is a *primitive root of unity modulo $761$*.