# Diffie Hellman - Symmetric or Asymmetric

teancum144
The Diffie Hellman (DH) algorithm allows each party to compute the same secret key from a shared (non-private) prime number, a secret number, and two public numbers (computed from each party’s secret number). And this without ever exchanging the secret key - impressive!

However, the product of DH is symmetric keys (not asymmetric keys).

Wikipedia: "The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."

DH is viewed as a public key algorithm because, from above, "two public numbers (computed from each party’s secret number)" are used to derive a symmetric key. These public numbers can be viewed as public keys used to derive a private symmetric key. However, these public numbers are not used in combination with a private key to encrypt or decrypt anything (no public/private key combination exists).

In summary, I don't see how DH can be viewed as an asymmetric algorithm when it clearly produces symmetric keys. Thoughts?



## Comments

DH is used to produce the symmetric key for a symmetric algorithm. DH in itself is not a data encryption algorithm necessarily but a way to agree on a secret key via a public network. Make sense?

The key term here is discrete logarithm. DH is one of my favorite things, it's extremely cool so let me elaborate:

Alice and Bob want to do a symmetric encryption of all their data between themselves. Symmetric encryption is faster and they need to get the data in between themselves confidentially and fast. So in order to use a symmetric algorithm they need to agree on a key to use, and it needs to be the same for encryption and decryption.

Using DH this is what they do (simplifying it a bit):

Alice and Bob decide publicly on a number (15). Alice then chooses a secret number (2) that no one knows and takes the public number and puts it to the power of her secret number (15^2=225) and sends the result (225) to Bob.

Bob then does the same exact thing that Alice does, but with his secret number (3). So he takes the public number (15) and puts it to the power of his secret number (15^3=3375) and then sends the result (3375) to Alice.

At this point in the game Alice has Bob's result of 3375 and Bob has Alice's result of 225. Now the fun part. Alice takes Bob's result (3375) and puts it to the power of her secret number (3375^2=11390625). Then Bob takes Alice's result and puts it to the power of his secret number (225^3=11390625). Magically (or shall we say "mathically") they come up with the same number!

- a shared (non-private) prime number
- a unique secret number for each party
- two public numbers (computed from the shared prime number and the secret number)

The above includes both public and private (asymmetric) keys as inputs to the DH algorithm to produce the symmetric key - which will be used in a completely different algorithm (symmetric). I'm so used to asymmetric referring to different (public/private) keys used to encrypt/decrypt data (not to create a symmetric key). I didn't view DH's inputs (public/private numbers) as asymmetric keys. I only viewed the output (symmetric private key) as the DH algorithm's key. In hindsight, I wonder why I couldn't see it.

geek!!! Lol

@teancum144, you'll see the same thing with other asymmetric algorithms like SSL and TLS. They use asymmetric algorithms to create a symmetric key.


The actual method - (refer to CBK official guide by Hernandez)

The prime number (p) and primitive root (g) used in Diffie–Hellman are common to most users. This example will use p = 353 and g = 3.

Each user A, B would choose a random secret key X that must be less than the prime number.

If A chose the secret key of 97, one could write its secret key as $X_A = 97$. The public key, $Y_A$, for user A would be calculated as $Y_A = g^{X_A} \bmod p$. Therefore, A would calculate $Y_A = 3^{97} \bmod 353 = 40$.

If B chose the secret key of 233, the public key, $Y_B$, for user B would be calculated as $Y_B = g^{X_B} \bmod p$. Therefore, B would calculate $Y_B = 3^{233} \bmod 353 = 248$.

A and B would then exchange the public keys that they had calculated.

Using the following formula, they would each compute the common session key:

A computes the common key, K, as

B computes the common key as

The two parties A and B can now encrypt their data using the symmetric key of 160. This would be an example of a hybrid system.

I am sorry if I have been rude but that was not my intention..
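The exchange discussed in this thread, as an added example that is not part of any post: it runs both sides with the numbers from the last comment (p = 353, g = 3, secrets 97 and 233), so the asymmetric inputs and the symmetric output are both visible, and it contrasts this with the modulus-free 15^2 walk-through from the first comment. The function names, the range check on the peer's public value, and the use of plain SHA-256 in place of a real KDF are assumptions of this sketch.

```python
import hashlib

# Numbers from the last comment in the thread (p, g public; X_A, X_B private).
P, G = 353, 3
X_A, X_B = 97, 233

def public_key(private, g=G, p=P):
    """Y = g^X mod p: the value each party sends over the open channel."""
    if not 0 < private < p:
        raise ValueError("secret must be positive and less than the prime")
    return pow(g, private, p)

def shared_secret(peer_public, private, p=P):
    """K = Y_peer^X_own mod p, computed locally and never transmitted."""
    # Standard validation: 0, 1 and p-1 would force a predictable K.
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def symmetric_key(k):
    """Turn K into 32 bytes for a symmetric cipher.
    Assumption: bare SHA-256 stands in for a proper KDF such as HKDF."""
    return hashlib.sha256(k.to_bytes(max(1, (k.bit_length() + 7) // 8), "big")).digest()

def exchange():
    """Run both sides; returns (Y_A, Y_B, K as A sees it, K as B sees it)."""
    y_a, y_b = public_key(X_A), public_key(X_B)
    return y_a, y_b, shared_secret(y_b, X_A), shared_secret(y_a, X_B)

def exponent_without_modulus(base, public):
    """Why 'mod p' matters: in the simplified 15^2 = 225 walk-through the
    secret exponent is an ordinary logarithm, found by repeated division."""
    if base < 2:
        raise ValueError("base must be at least 2")
    n = 0
    while public % base == 0 and public > 1:
        public //= base
        n += 1
    if public != 1:
        raise ValueError("value is not a power of the base")
    return n

if __name__ == "__main__":
    y_a, y_b, k_a, k_b = exchange()
    print("public:", y_a, y_b, "shared:", k_a, k_b)
    print("symmetric key:", symmetric_key(k_a).hex())
    print("secret behind 225 without a modulus:", exponent_without_modulus(15, 225))
```

A prime as small as 353 is only for following the arithmetic by hand; real deployments use standardized groups of 2048 bits or more, or elliptic-curve DH.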