diffie hellman calculator - Aaron Graves, PhDude Replica

Diffie-Hellman Key Exchange Calculator

Enter public parameters (p, g) and private secrets (a, b) to compute public keys and the shared secret.

Prime modulus (p)

Use a positive prime number. For real cryptography, this must be very large.

Generator (g)

Must satisfy 1 < g < p.

Alice private key (a)

Bob private key (b)

What this Diffie-Hellman calculator does

This tool demonstrates the full Diffie-Hellman key exchange workflow: both participants start with shared public values, choose private values independently, generate public keys, and arrive at the same shared secret without transmitting that secret directly.

In short, the calculator computes:

Alice public key: A = g^a mod p
Bob public key: B = g^b mod p
Alice shared secret: K_A = B^a mod p
Bob shared secret: K_B = A^b mod p

If everything is valid, K_A = K_B.

Quick refresher: why Diffie-Hellman matters

Diffie-Hellman is one of the foundational ideas behind modern secure communication. It enables two parties to create a shared key over an insecure channel. An observer can see all public traffic (p, g, A, B) but cannot feasibly recover the private values (a, b) when proper parameters are used.

This shared key can then be used with a symmetric cipher (like AES) to encrypt actual messages.

How to use this calculator

1) Enter public values

Start with a prime modulus p and a generator g. For learning, small values are fine. For real-world use, values must be large and standardized.

2) Enter private keys

Alice chooses a and Bob chooses b. These are secret exponents and should never be transmitted.

3) Calculate and verify

Click Calculate to compute both public keys and both derived secrets. If the protocol inputs are valid, both sides produce the same shared key.

Example walk-through

Using the built-in example p=23, g=5, a=6, b=15:

Alice public key: A = 5⁶ mod 23 = 8
Bob public key: B = 5¹⁵ mod 23 = 19
Alice computes: 19⁶ mod 23 = 2
Bob computes: 8¹⁵ mod 23 = 2

Both sides independently reach shared secret 2.

Important security notes

Use this page for learning and validation

Browser-based calculators are excellent for understanding math and verifying examples, but do not use ad-hoc parameters from a web form for production security.

Best practices in real systems

Use vetted groups/curves and established libraries.
Use sufficiently large parameters (or modern elliptic-curve variants).
Authenticate key exchange (e.g., TLS certificates) to prevent man-in-the-middle attacks.
Rotate ephemeral keys for forward secrecy.

Common mistakes this calculator helps reveal

Choosing a non-prime modulus p.
Using invalid generator values (like g ≤ 1 or g ≥ p).
Accidentally sharing private exponents.
Assuming "shared secret matches" alone implies full protocol security.

The tool validates basic constraints and warns you when your modulus does not look prime.

Final takeaway

Diffie-Hellman is elegant because both parties can agree on a key without ever sending that key. If you are learning cryptography, experimenting with small integer examples like this is one of the fastest ways to build intuition.