Diffie-Hellman-Merkle

A key-agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman [DH76, R2631].

Usage: The algorithm is most often called "Diffie-Hellman". However, in the November 1978 issue of "IEEE Communications Magazine", Hellman wrote that the algorithm "is a public key distribution system, a concept developed by [Ralph C.] Merkle, and hence should be called 'Diffie-Hellman-Merkle' ... to recognize Merkle's equal contribution to the invention of public key cryptography."

Tutorial: Diffie-Hellman-Merkle does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.

The algorithm is described in [R2631] and [Schn]. In brief, Alice and Bob together pick large integers that satisfy certain mathematical conditions, and then use the integers to each separately compute a public-private key pair. They send each other their public key. Each person uses their own private key and the

other person's public key to compute a key, k, that, because of the mathematics of the algorithm, is the same for each of them. Passive wiretapping cannot learn the shared k, because k is not transmitted, and neither are the private keys needed to compute k.

The difficulty of breaking Diffie-Hellman-Merkle is considered to be equal to the difficulty of computing discrete logarithms modulo a large prime. However, without additional mechanisms to authenticate each party to the other, a protocol based on the algorithm may be vulnerable to a man-in-the-middle attack.