Key Exchange

Establishing Shared Secrets

The Problem

How can two parties who've never met establish a shared secret key over a public channel that anyone can observe?

Color Mixing Analogy
Public: Yellow paint (everyone sees)
Alice: Adds secret red → Orange (sends to Bob)
Bob:   Adds secret blue → Green (sends to Alice)

Alice: Orange + blue = Brown
Bob:   Green + red = Brown

Both have Brown! Observer only saw Yellow, Orange, Green
Cannot derive Brown without knowing red or blue

Diffie-Hellman (DH)

The original key exchange protocol (1976). Its security rests on the difficulty of computing discrete logarithms.

DH Protocol
Public: prime p, generator g
Alice: secret a, sends g^a mod p
Bob: secret b, sends g^b mod p
Shared: (g^b)^a = (g^a)^b = g^(ab) mod p

Modern Variants

ECDH

Elliptic Curve DH - smaller, faster

Recommended

X25519

Curve25519 - fast, secure, widely used

Best Practice

ML-KEM (Kyber)

Post-quantum key encapsulation

Future

Man-in-the-Middle

Warning: Basic DH is vulnerable to MITM attacks. An attacker can perform separate key exchanges with each party. Solution: authenticate the exchange using signatures or pre-shared keys.
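Added example (not from the original page): a toy Python run of the DH protocol above, showing that an interposed party leaves Alice and Bob with different keys, and that a tag computed with a pre-shared key over both public values exposes the substitution. The parameters P and G, the function names, and the HMAC-based tag are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this demo: 2**127 - 1 is prime but far too
# small for real use. Deployments use 2048-bit+ groups or X25519.
P = 2**127 - 1
G = 3

def keypair():
    """Return (secret exponent, public value g^secret mod p)."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def shared_key(my_secret, peer_public):
    """Hash (peer_public)^my_secret mod p into a 32-byte session key."""
    if not 1 < peer_public < P - 1:  # reject degenerate values 0, 1, p-1
        raise ValueError("invalid public value")
    z = pow(peer_public, my_secret, P)
    return hashlib.sha256(z.to_bytes(16, "big")).digest()

def tag(psk, sender, sender_public, peer_public):
    """HMAC under the pre-shared key over the sender's view of the exchange."""
    msg = sender + sender_public.to_bytes(16, "big") + peer_public.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def verify(psk, sender, sender_public, my_public, received):
    """Recompute the tag from the verifier's own view and compare in constant time."""
    expected = tag(psk, sender, sender_public, my_public)
    return hmac.compare_digest(expected, received)

def demo():
    psk = secrets.token_bytes(32)  # known only to Alice and Bob
    a, A = keypair()
    b, B = keypair()
    # Honest run: same key on both sides, and Bob's tag verifies for Alice.
    honest = (shared_key(a, B) == shared_key(b, A)
              and verify(psk, b"bob", B, A, tag(psk, b"bob", B, A)))
    # Interposed run: a third party swaps in its own public value M both ways.
    _m, M = keypair()
    keys_differ = shared_key(a, M) != shared_key(b, M)
    # Bob tags what he saw (B, M); Alice checks what she saw (M, A): mismatch.
    detected = not verify(psk, b"bob", M, A, tag(psk, b"bob", B, M))
    return honest, keys_differ, detected

if __name__ == "__main__":
    print(demo())
```

The tag covers both public values, so a party who does not hold the pre-shared key cannot produce one that matches Alice's view of the exchange.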

Where It's Used

  • TLS/HTTPS handshake
  • Signal Protocol (X3DH)
  • SSH key exchange
  • VPN protocols (IKE)
  • WireGuard (Noise framework)