https://github.com/gsurma/diffie_hellman_key_exchange

Swift implementation of classic cryptographic key exchange method.
https://github.com/gsurma/diffie_hellman_key_exchange

cryptography diffie-hellman ios macos prime-numbers swift symmetric-key-cryptography

Last synced: about 1 year ago
JSON representation

Swift implementation of classic cryptographic key exchange method.

• Host: GitHub
• URL: https://github.com/gsurma/diffie_hellman_key_exchange
• Owner: gsurma
• License: mit
• Created: 2018-04-07T09:58:07.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2021-07-09T08:57:35.000Z (almost 5 years ago)
• Last Synced: 2025-04-01T10:14:41.389Z (about 1 year ago)
• Topics: cryptography, diffie-hellman, ios, macos, prime-numbers, swift, symmetric-key-cryptography
• Language: Swift
• Homepage: https://gsurma.github.io
• Size: 187 KB
• Stars: 15
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          


  



# Diffie-Hellman Key Exchange

Swift implementation of classic cryptographic key exchange method.

## About

Diffie-Hellman Key Exchange allow parties to jointly establish a secure private key without sharing it in any way ([Forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy)) and then use it for a symmetric key cipher. 

## How does it work?

1. Both parties agree on a common component, which consists of two natural numbers p (modulus) and g (base). They can be completely random to make this work, but in order to make the process significantly harder to break, **p should be a prime and g should be primitive root modulo of p**. Check `DHParameters.swift` for more info.

2. Then both parties generate random private keys and then compute public keys which they share with each other. Public keys are computed as follows **publicKey = g^privateKey mod p**

3. Afterward, both parties can compute common secret key using own private key and peer's public key. They can do it using the following formula **secretKey = peerPublicKey^ownPrivateKey mod p** 

 Underlying math: 
 **(g^a mod p)^b mod p = g^ab mod p** 
 **(g^b mod p)^a mod p = g^ba mod p**

4. Now both parties can communicate using symmetric cryptography using a jointly established private key.






  



## What's so special about it?

This protocol is considered secure (check disclaimer), because it's relatively hard for eavesdroppers to compute a common secret key knowing only public keys if p is big enough.

### Disclaimer

Don't use it in a production environment. Generated keys are very small (Int64) thus making them easily breakable.

Use already generated [RFC primes](https://www.ietf.org/rfc/rfc3526.txt), but even them [may not be strong enough](https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/).

## Author

**Greg (Grzegorz) Surma**

[**PORTFOLIO**](https://gsurma.github.io)

[**GITHUB**](https://github.com/gsurma)

[**BLOG**](https://medium.com/@gsurma)