Protocol

Public: prime p, generator g. Alice: private a, sends A = g^a mod p. Bob: private b, sends B = g^b mod p. Shared secret: g^(ab) mod p = B^a mod p = A^b mod p. In practice p is a large safe prime (p = 2q + 1, 2048 bits or more, e.g. an RFC 3526 or RFC 7919 group) and g generates the subgroup of prime order q; a and b are fresh random values in [1, q), and each side checks the value it receives lies in that subgroup (1 < A < p - 1 and A^q mod p = 1) before using it.


Security

Eavesdropper sees p, g, A, B; recovering g^(ab) mod p from these is the computational Diffie-Hellman problem. The best known attack is to solve the discrete log (recover a from A = g^a mod p), believed infeasible for well-chosen p of 2048 bits or more. Small (512-bit) or poorly generated groups have been broken in practice, so group choice matters as much as the protocol.


Man-in-the-middle

Basic DH has no authentication: an active attacker who can replace A with g^m on the way to Bob and B with g^m' on the way to Alice derives a separate shared secret with each side and relays traffic between them, reading or modifying it at will. Neither side can tell, because every value they see is a valid group element. Fix: sign the exchanged values (authenticated DH, where each side signs its public value and the transcript with a long-term key), or run DH inside an authenticated context (TLS, where the server signs its ephemeral share with the key in its certificate). The signature has to cover the DH values themselves; authenticating the parties without binding them to the exchange does not stop the substitution.
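The exchange above, the group and public-value checks, and the man-in-the-middle substitution, as an added example in Python (not code from the original page). It uses the real 2048-bit MODP group 14 from RFC 3526 (generator 2); the party names, the key derivation (plain SHA-256 over the shared value rather than a transcript-bound KDF) and the relay are constructed for illustration.

```python
"""Finite-field DH over RFC 3526 group 14, with parameter and public-value checks
and a man-in-the-middle relay. Added example, not from the original page."""
from __future__ import annotations

import hashlib
import secrets

# RFC 3526 group 14: 2048-bit MODP prime p (a safe prime, p = 2q + 1), generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2  # order of the subgroup generated by G (2 is a square mod p since p = 7 mod 8)


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; a composite passes with probability <= 4^-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p: int, g: int) -> bool:
    """Safe-prime group check: p and q = (p-1)/2 prime, g generates the order-q subgroup."""
    q = (p - 1) // 2
    return is_probable_prime(p) and is_probable_prime(q) and 1 < g < p - 1 and pow(g, q, p) == 1


def validate_public(peer: int) -> bool:
    """Reject 0, 1, p-1 (the tiny subgroups) and anything outside the order-q subgroup."""
    return 1 < peer < P - 1 and pow(peer, Q, P) == 1


def keygen() -> tuple[int, int]:
    priv = secrets.randbelow(Q - 1) + 1  # fresh 1 <= priv < q for every exchange
    return priv, pow(G, priv, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    if not validate_public(peer_pub):
        raise ValueError("invalid peer public value")
    s = pow(peer_pub, priv, P)
    # Never use g^ab directly as a key: hash it (a real protocol runs a KDF over the transcript).
    return hashlib.sha256(s.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def honest_exchange() -> tuple[bytes, bytes]:
    """Alice and Bob exchange A and B directly; both derive the same key."""
    a, A = keygen()
    b, B = keygen()
    return shared_key(a, B), shared_key(b, A)


def mitm_exchange() -> dict[str, bytes]:
    """Mallory (constructed attacker) replaces each public value in transit with her own
    g^m. Every check above still passes: an unauthenticated exchange cannot notice."""
    a, A = keygen()
    b, B = keygen()
    m, M = keygen()
    # Alice -> Bob: Mallory forwards M instead of A.  Bob -> Alice: Mallory forwards M instead of B.
    return {
        "alice": shared_key(a, M),
        "bob": shared_key(b, M),
        "mallory_with_alice": shared_key(m, A),
        "mallory_with_bob": shared_key(m, B),
    }
```

In `mitm_exchange` Alice's key equals Mallory's key with Alice and Bob's key equals Mallory's key with Bob, while Alice's and Bob's keys differ; that is exactly the situation a signature over the exchanged values is meant to make detectable.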

Elliptic curve DH

ECDH: same protocol with the group operation on an elliptic curve. The public value is a point (or just its x-coordinate, as in X25519) and the shared secret is a·B = b·A. Smaller keys for the same security level: a 256-bit curve (P-256, X25519) gives roughly 128-bit security, comparable to 3072-bit RSA or finite-field DH. Standard in TLS 1.3, which dropped static RSA key exchange and only negotiates ephemeral (EC)DHE groups; X25519 is the most common choice. Same caveats as the finite-field case: validate the peer's point (for X25519, reject an all-zero output, which signals a low-order point) and use a fresh ephemeral key per connection.