Watch Alice and Bob derive an identical shared secret over a public channel, without ever transmitting their private keys. Adjust every variable in real time and see the modular arithmetic update instantly.
Step 1 of 4 - Set Public Parameters (Shared Openly)
Presets:
Public (visible to everyone)Alice's private valuesBob's private valuesShared secret (derived independently)
Steps 2-4 - The Exchange Room
👤 Alice
Private Key (a)6
Step 2 - Choose Private Key
a = 6
(kept secret)
Step 3 - Compute Public Key (A)
ga mod p
?
Step 4 - Receive Bob's Public Key (B)
B = ?
Step 5 - Compute Shared Secret
Ba mod p
?
→
🔒
→
👥 Bob
Private Key (b)15
Step 2 - Choose Private Key
b = 15
(kept secret)
Step 3 - Compute Public Key (B)
gb mod p
?
Step 4 - Receive Alice's Public Key (A)
A = ?
Step 5 - Compute Shared Secret
Ab mod p
?
🔐 Shared Secret
?
Complete the exchange above to reveal the shared secret.
Alice computed: Ba mod p = ?
Bob computed: Ab mod p = ?
Advertisement
Key Terms Explained
Diffie-Hellman (DH)
A cryptographic key exchange protocol invented in 1976 by Whitfield Diffie and Martin Hellman. It allows two parties to establish a shared secret over an insecure channel without prior contact.
Shared Secret
The identical number that both Alice and Bob independently compute at the end of the exchange. It is never transmitted over the network yet both parties arrive at the same value.
Prime Number (p)
A number divisible only by 1 and itself. The prime p is the public modulus in Diffie-Hellman. Its size determines the security level - real implementations use primes of 2048 bits or larger.
Generator (g)
Also called a primitive root, g is a public base number chosen so that its powers modulo p cycle through all integers from 1 to p-1. This property is essential for the protocol to work.
Modular Exponentiation
The operation g^x mod p - raise g to the power x, then find the remainder when dividing by p. It is fast to compute forward but computationally infeasible to reverse with large numbers.
Private Key
A secret random number chosen by each party (a for Alice, b for Bob) that is never shared with anyone. All security rests on keeping this value secret.
Public Key
A value derived from the private key via modular exponentiation (A = g^a mod p). It can be shared openly with anyone. Knowing the public key does not reveal the private key.
Man-in-the-Middle Attack
An attack where an adversary intercepts the exchange, creating separate shared secrets with Alice and Bob. DH alone does not prevent this - authentication via certificates (as used in TLS) is required.
Discrete Logarithm Problem
Given A, g, and p where A = g^a mod p, find a. This is believed to be computationally hard for large primes, forming the security foundation of Diffie-Hellman.
The Complete Guide to Diffie-Hellman Key Exchange
Every time you visit a website with "https://" in the address bar, a key exchange happens invisibly in milliseconds. Your browser and the server agree on a secret encryption key without ever sending that key over the internet. The mechanism making this possible is, at its mathematical core, exactly what you are experimenting with above.
How to Use This Simulator
Start with the Presets to load verified working parameters. Alice and Bob's private key sliders update all the math instantly - watch how changing a private key changes the public key but the protocol still produces the same shared secret at the end. Click "Send Public Key" for each party to animate the exchange. Both will independently compute the same shared secret from the other's public key combined with their own private key. Hit Reset to try different combinations.
The Mathematics Step by Step
The public parameters p (prime) and g (generator) are agreed upon openly - anyone can know them. Alice picks a private integer a and computes her public key: A = g^a mod p. Bob picks a private integer b and computes his public key: B = g^b mod p. They exchange A and B over the public channel. Alice then computes the shared secret as B^a mod p. Bob independently computes it as A^b mod p. These two computations yield the same result because B^a mod p = (g^b)^a mod p = g^(ab) mod p = (g^a)^b mod p = A^b mod p. The exponent ab appears in both computations - it is the shared secret - but neither party ever transmitted it.
Why Small Numbers Work for Learning
This simulator uses small primes (p = 23 to 257) so that you can follow the arithmetic mentally or on paper. In real TLS connections, p is a 2048-bit prime - a number with roughly 617 decimal digits. The private keys are also hundreds of digits long. The protocol logic is identical at any scale, but with small numbers you can verify every step, which is exactly the point of an educational tool.
The Color Mixing Intuition
The most famous analogy for Diffie-Hellman uses paint mixing. Imagine everyone can see a shared bucket of yellow paint (the generator g). Alice pours in a secret color known only to her (her private key a) and sends the mixed result to Bob. Bob does the same - adds his own private color (b) to the yellow and sends his mixture to Alice. Now Alice takes what Bob sent and adds her secret color again. Bob takes what Alice sent and adds his secret color. Remarkably, both end up with the same three-color mixture - the shared secret - even though they only exchanged two-color mixtures in public. An eavesdropper who sees both two-color mixtures cannot easily determine the final three-color result without knowing at least one private color, which maps directly to the Discrete Logarithm Problem.
Forward Secrecy
Modern TLS implementations use Ephemeral Diffie-Hellman (DHE or ECDHE), where fresh private keys are generated for every single connection and immediately discarded afterward. This property is called Perfect Forward Secrecy. Even if an attacker recorded your encrypted traffic today and somehow obtained a long-term private key years from now, they still cannot decrypt your past sessions because the ephemeral keys used for those sessions no longer exist. This is one of the strongest security properties in modern cryptography.
Frequently Asked Questions
Why is Diffie-Hellman the foundation of HTTPS and SSL/TLS?
+
Every HTTPS connection begins with a handshake where your browser and the server must agree on a shared encryption key - but they are communicating over a public network that anyone can monitor. Diffie-Hellman (and its elliptic curve variant ECDHE) solves this by allowing both parties to derive an identical secret from exchanged public values, without that secret ever appearing on the wire. The shared secret then seeds a symmetric cipher like AES for the rest of the session. Without this mechanism, establishing an encrypted channel over an untrusted network would be impossible.
Why can a hacker not just calculate the private keys from the public ones?
+
Computing a public key from a private key requires modular exponentiation: A = g^a mod p. This is fast in one direction. Reversing it - finding the exponent a given A, g, and p - is the Discrete Logarithm Problem (DLP). When p is a large prime (2048 or 4096 bits in real-world use), no efficient algorithm exists to solve this in any practical timeframe. Even the fastest known algorithms would take longer than the age of the universe on classical hardware. The asymmetry between the easy direction (exponentiation) and the hard direction (discrete logarithm) is the mathematical trapdoor that makes Diffie-Hellman secure.
What is the color mixing analogy for Diffie-Hellman?
+
Imagine Alice and Bob each have a secret private color. They both start with the same public shared color (yellow, like the generator g). Alice mixes her secret color into yellow and sends the result to Bob. Bob does the same and sends his result to Alice. Now each takes what they received and mixes in their own private color again. Both end up with the same final mixture - the shared secret - even though they never exchanged their private colors directly. An eavesdropper who sees only the public mixed colors cannot easily determine what private color each person added. This maps to the Discrete Logarithm Problem: seeing A and knowing g and p does not reveal a.
Are the numbers used in this simulator secure for real-world encryption?
+
No. This simulator uses small prime numbers (like p=23) intentionally so that the math remains readable and each step is verifiable by hand. In real-world usage, the prime p must be at least 2048 bits long - a number with roughly 617 decimal digits. With a small prime like 23, an attacker can simply try all possible private key values in milliseconds. The protocol logic is mathematically identical regardless of prime size, so small primes are ideal for learning the concept. For actual encryption, TLS 1.3 defaults to Elliptic Curve Diffie-Hellman (ECDHE) with curves like X25519, which provides equivalent security to 3072-bit classic DH with far shorter keys.
What is a Man-in-the-Middle attack and does Diffie-Hellman prevent it?
+
In a Man-in-the-Middle (MitM) attack, an attacker intercepts communication between Alice and Bob, impersonating each party to the other. The attacker establishes a separate Diffie-Hellman exchange with Alice (pretending to be Bob) and another with Bob (pretending to be Alice). Both Alice and Bob believe they have a shared secret with each other, but the attacker controls both secrets and can read every message. Diffie-Hellman alone does not prevent this because neither party can verify who they are actually communicating with. Real-world TLS solves this by combining Diffie-Hellman with digital certificates signed by trusted Certificate Authorities, which authenticate the server's identity before the key exchange begins.
This tool is for educational purposes only. The small prime numbers used here are not cryptographically secure and should never be used for real encryption. For production security, use established libraries and protocols such as TLS 1.3 with ECDHE. All calculations run entirely in your browser - no data is transmitted or stored.