Protocol
Public: prime p, generator g. Alice: private a, sends A = g^a mod p. Bob: private b, sends B = g^b mod p. Shared secret: g^(ab) mod p = B^a mod p = A^b mod p, which each side computes from its own private exponent and the other side's public value.
Security
Eavesdropper sees p, g, A and B, but recovering g^(ab) from them (the computational Diffie-Hellman problem) is believed to require solving the discrete logarithm problem in the group, which is considered hard for well-chosen parameters. Each side should also check that the received public value is a valid group element (in range and not in a small subgroup) before using it.
Man-in-the-middle
Basic DH has no authentication: nothing ties A or B to a particular party, so an active attacker can substitute its own values. Combine it with a signature over the exchanged values (authenticated DH), or run it inside an authenticated context (TLS, where the server's certificate-backed signature covers the key share).
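The exchange from the Protocol section, with the public-value validation mentioned under Security and a transcript authenticator standing in for the signature described above, as an added Python example that is not part of the original notes. The group is the 1024-bit MODP group from RFC 2409 (transcribed here and verified at runtime as a safe prime; chosen only to keep the example fast, a 2048-bit or larger group is the deployment minimum). The pre-shared-key HMAC over (A, B) is an assumption used in place of a real signature scheme; a production design would sign the transcript with a long-term key.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group (RFC 2409 group 2), transcribed; validate_group() checks it.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G (P is a safe prime)
NBYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases; sufficient to validate fixed parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group() -> bool:
    """P = 2Q + 1 with both prime, so every non-trivial element has order 2, Q or 2Q."""
    return is_probable_prime(P) and is_probable_prime(Q)


def validate_public(y: int) -> bool:
    """Reject out-of-range values and the order-2 element P-1 (small-subgroup check)."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


def keygen():
    """Private exponent in [1, Q), public value g^x mod p."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv: int, peer_pub: int) -> bytes:
    """Validate the peer's value, then hash g^(ab) mod p into a fixed-length key."""
    if not validate_public(peer_pub):
        raise ValueError("invalid peer public value")
    z = pow(peer_pub, priv, P)
    return hashlib.sha256(z.to_bytes(NBYTES, "big")).digest()


def authenticate(psk: bytes, a_pub: int, b_pub: int) -> bytes:
    """Tag over the transcript (A, B); assumed stand-in for a signature over the exchange."""
    transcript = a_pub.to_bytes(NBYTES, "big") + b_pub.to_bytes(NBYTES, "big")
    return hmac.new(psk, transcript, hashlib.sha256).digest()


def verify(psk: bytes, a_pub: int, b_pub: int, tag: bytes) -> bool:
    return hmac.compare_digest(authenticate(psk, a_pub, b_pub), tag)


def run_exchange(psk: bytes) -> dict:
    """Full exchange: both sides derive the same key, and a substituted A fails the tag check."""
    a, A = keygen()
    b, B = keygen()
    k_alice = shared_secret(a, B)
    k_bob = shared_secret(b, A)
    tag = authenticate(psk, A, B)
    _, A_sub = keygen()      # constructed: a valid group element that is not Alice's A
    return {
        "keys_match": k_alice == k_bob,
        "tag_ok": verify(psk, A, B, tag),
        "substituted_rejected": not verify(psk, A_sub, B, tag),
    }


if __name__ == "__main__":
    print("group valid:", validate_group())
    print(run_exchange(b"constructed-demo-psk"))
```

The `validate_public` check is the part most often skipped in hand-rolled DH: without it a peer can send 1 or p-1 and force the shared value into a set of two possibilities, regardless of how strong the private exponents are. Hashing the raw group element before use is the usual KDF step; the shared value itself is not uniformly distributed as a byte string.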
Elliptic curve DH
ECDH: the same protocol run in an elliptic curve group (scalar multiplication in place of modular exponentiation). Keys are much smaller for the same security level: a 256-bit curve key is comparable to 3072-bit RSA or finite-field DH. Ephemeral ECDH is the standard key exchange in TLS 1.3.