Diffie-Hellman in under 25 lines

How can you and I agree on a secret without anyone eavesdropping being able to intercept our communications? At first, the idea sounds absurd – for the longest time, without a pre-shared secret, encryption was seen as impossible. In World War II, the Enigma machines relied on a fairly complex pre-shared secret – the Enigma configurations (consisting of the rotor drum wirings and number of rotors specific to the model, the Ringstellung of the day, and Steckbrett configurations) were effectively the pre-shared key. During the Cold War, field operatives were provided with one-time pads (OTPs), randomly (if they were lucky) or pseudorandomly (if they weren’t, which was most of the time) generated1 one time pads (OTPs) with which to encrypt their messages. Cold War era Soviet OTPs were, of course, vulnerable because like most Soviet things, they were manufactured sloppily.2 But OTPs are vulnerable to a big problem: if the key is known, the entire scheme of encryption is defeated. And somehow, you need to get that key to your field operative.

Enter the triad of Merkle, Diffie and Hellman, who in 1976 found a way to exploit the fact that multiplying primes is simple but decomposing a large number into the product of two primes is difficult. From this, they derived the algorithm that came to be known as the Diffie-Hellman algorithm.3


How to cook up a key exchange algorithm

The idea of a key exchange algorithm is to end up with a shared secret without having to exchange anything that would require transmission of the secret. In other words, the assumption is that the communication channel is unsafe. The algorithm must withstand an eavesdropper knowing every single exchange.

Alice and Bob must first agree to use a modulus p and a baseg, so that the base is a primitive root modulo the modulus.

Alice and Bob each choose a secret key a and b respectively – ideally, randomly generated. The parties then exchange A = g^a \mod(p) (for Alice) and B = g^b \mod(p) (for Bob).

Alice now has received B. She goes on to compute the shared secret s by calculating B^a \mod(p) and Bob computes it by calculating A^b \mod(p).

The whole story is premised on the equality of

A^b \mod(p) = B^a \mod(p)

That this holds nearly trivially true should be evident from substituting g^b for B and g^a for A. Then,

g^{ab} \mod(p) = g^{ba} \mod(p)

Thus, both parties get the same shared secret. An eavesdropper would be able to get A and B. Given a sufficiently large prime for p, in the range of 6-700 digits, the discrete logarithm problem of retrieving a from B^a \mod(p) in the knowledge of B and p is not efficiently solvable, not even given fairly extensive computing resources. Read more

References   [ + ]

1.As a child, I once built a pseudorandom number generator from a sound card, a piece of wire and some stray radio electronics, which basically rested on a sampling of atmospheric noise. I was surprised to learn much later that this was the method the KGB used as well.
2.Under pressure from the advancing German Wehrmacht in 1941, they had duplicated over 30,000 pages worth of OTP code. This broke the golden rule of OTPs of never, ever reusing code, and ended up with a backdoor that two of the most eminent female cryptanalysts of the 20th, Genevieve Grotjan Feinstein and Meredith Gardner, on whose shoulders the success of the Venona project rested, could exploit.
3.It deserves noting that the D-H key exchange algorithm was another of those inventions that were invented twice but published once. In 1975, the GCHQ team around Clifford Cocks invented the same algorithm, but was barred from publishing it. Their achievements weren’t recognised until 1997.

Panna cotta time!

Panna cotta time!

Summertime is panna cotta time! A panna cotta (Italian for ‘cooked cream’) is a great dessert for hot days, as it’s light, does not melt (like chocolate does), and feels cool without weighing your tummy down. It can even substitute for a full meal as it’s a fairly strong dish.

15′ + 3-5h in fridge
Easy peasy


  • 3 cups of heavy cream (‘double cream’ for Limeys) or mascarpone
  • 1/3 cup fine sugar
  • 35ml milk
  • 2 teaspoonfuls of vanilla extract, ideally alcoholic
  • 1 tablespoon or 2 normal sheets of gelatin (be sure to get one you trust, bad gelatin is worse than no gelatin!)
  • Frozen fruit (raspberries, blueberries and forest fruits are generally the best) – alternatively, simply keep the fruit in the fridge for 3-4 hours
  • Finely grated lemon peel (the real thing, not freeze-dried crap)

  1. Add the milk to the saucepan and gently warm. Dissolve the mascarpone or cream in the saucepan, using a whisk if needed.
  2. Add the vanilla extract.
  3. In a separate saucepan, warm up 25-30ml water and dissolve the gelatin.
  4. Pour gelatin into the milk/cream mixture and gently dissolve.
  5. Divide among 6-8 ramekin dishes or small Kilner jars.
  6. Drop in the cold fruits.
  7. Sprinkle lemon peel over the mixture.
  8. Put into fridge, covering it either only very gently with a paper towel or not at all.
  9. Leave to cool for 3-4 hours. Enjoy cold, with a root beer or as a treat on a hot summer day.