How RSA and the Diffie-Hellman Key Exchange Became the Most Popular Cryptosystems


September 03, 2019



You may take it for granted, but almost everything you do online is secure, thanks in large part to an algorithm known as RSA. The acronym is short for Rivest-Shamir-Adleman, the last names of the three young inventors who came up with the concept in 1977 at MIT. Ron Rivest, Adi Shamir and Leonard Adleman based their discovery on the work of 18th-century Swiss mathematician Leonhard Euler.

But Rivest, Shamir, and Adleman weren’t the only innovators at the time who were working on public-key encryption. In fact, two technologists at Stanford, Whitfield Diffie and Martin E. Hellman, introduced their own public-key cryptosystem in June 1976 just ahead of the RSA algorithm. Diffie and Hellman’s cryptosystem differed from RSA in the way it worked, but both paved the way for modern-day secure communication.

What is RSA?

RSA is a form of public-key cryptography, which is used to secure communication between multiple parties. The exchange uses public keys to encrypt data as it travels electronically. RSA is what’s known as asymmetric cryptography, which uses a combination of public and private keys for security. The public key can be used by anyone to encrypt messages, but only the party holding the corresponding private key can unlock the message.

With RSA in place, a browser initiates the transaction by submitting a public key to the server, which encrypts the information before sending it on to the client. Once the client receives the data, the private key is used to decrypt it.

RSA versus the Diffie-Hellman key exchange

Both RSA and the Diffie-Hellman Key Exchange serve as the foundation for the security we use today. However, the two technologies differ dramatically. The Diffie-Hellman approach has each party generate both a public and private key, but only the public key is shared. Once the client on either end of the transaction has verified the other person’s public key, the exchange can be shared.

Because the Diffie-Hellman Key Exchange doesn’t authenticate either party, a hacker could more easily send spoofed messages posing as one of the parties in the transaction. For this reason, the Diffie-Hellman approach requires an additional digital signature component. Both RSA and the Diffie-Hellman Exchange have their merits, with technology professionals commonly choosing one over the other due to their own personal preferences. RSA permits digital signatures, a key differentiator from the Diffie-Hellman approach.
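The two ideas above, public-key encryption with RSA and a Diffie-Hellman exchange that needs a signature to be trustworthy, fit in one short sketch. This is an added example, not code from the original article: the primes, the base, and every function name are constructed for illustration, and it assumes Bob already knows Alice's RSA public key.

```python
import hashlib
import secrets

# Constructed toy parameters: Mersenne primes, far too small for real use.
DH_P, DH_G = 2**127 - 1, 3                          # DH modulus and base (assumed)
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q                               # public modulus
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # private exponent

def rsa_encrypt(m: int) -> int:
    """Anyone holding the public key (N, E) can do this. Textbook RSA, no padding."""
    return pow(m, RSA_E, RSA_N)

def rsa_decrypt(c: int) -> int:
    """Only the holder of the private exponent D can reverse it."""
    return pow(c, RSA_D, RSA_N)

def digest(value: int) -> int:
    """Hash a DH public value down to an integer below the RSA modulus."""
    data = value.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N

def sign(value: int) -> int:
    """Signing uses the private exponent on the digest."""
    return pow(digest(value), RSA_D, RSA_N)

def verify(value: int, sig: int) -> bool:
    """Verification needs only the public key."""
    return pow(sig, RSA_E, RSA_N) == digest(value)

def dh_keypair():
    """Each party keeps priv secret and sends only G^priv mod P."""
    priv = secrets.randbelow(DH_P - 3) + 2
    return priv, pow(DH_G, priv, DH_P)

def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, DH_P)

def demo() -> dict:
    a_priv, a_pub = dh_keypair()      # Alice
    b_priv, b_pub = dh_keypair()      # Bob
    a_sig = sign(a_pub)               # Alice signs her DH public value
    _, swapped = dh_keypair()         # a value substituted in transit
    return {
        "secrets_match": dh_shared(a_priv, b_pub) == dh_shared(b_priv, a_pub),
        "genuine_accepted": verify(a_pub, a_sig),
        "swapped_accepted": verify(swapped, a_sig),
    }

if __name__ == "__main__":
    print(demo())
```

Without the `verify` step Bob would derive a secret from whatever value arrived; with it, a substituted value is rejected before any key is computed.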

Although both the Diffie-Hellman Key Exchange and RSA are the most popular encryption algorithms, RSA tends to be more popular for securing information on the internet. Still, cryptography varies from one site to the next, so you probably encounter a combination of both types throughout a given day without even realizing it.

Paving the way for public-key encryption: enter Diffie and Hellman

Whitfield Diffie began learning about cryptography within a year of learning to read. His father had brought home a stack of library books on the subject, and the 10-year-old dove in (Diffie didn’t begin to read until he was in fifth grade). Soon his interest in technology was ignited, reappearing years later when he became a resident guest at the MIT artificial intelligence lab. In 1969, he moved across the country to Stanford’s artificial intelligence lab.

It was during his time at Stanford that Diffie began his early work that would lead to his future cryptology innovations. After a leave of absence in the 70s, where he traveled the country to learn more about cryptology, he returned to Stanford and met Martin E. Hellman. As part of his Ph.D. dissertation at Stanford, Hellman worked at IBM’s Thomas J. Watson Research Center, where a new cryptographic research program was underway.

A shared passion for cryptology

What started as an early-afternoon meeting stretched on for hours, with Diffie and Hellman continuing their conversation through dinner and well into the evening. Hellman later referred to it as “a mild epiphany,” as two “intellectual soul mates” came together to discuss their passion.

Although cryptology was already well underway when Diffie and Hellman met, there was not yet a way for two parties to securely communicate. You can probably imagine that would be a problem worth solving, considering the way we shop, interact, and share documents online today. What Diffie and Hellman came up with was a public-key cryptosystem, which combined public-key distribution with digital signatures. This technology would allow people to communicate on a public channel on the fly with the confidence of knowing the interaction was confidential.

New directions in cryptography

Diffie and Hellman introduced their public-key cryptosystem at the IEEE Information Theory Symposium in June 1976. Titled New Directions in Cryptography, their paper began with the statement, “We stand today on the brink of a revolution in cryptography.” It wasn’t inaccurate. In fact, the concept they introduced became the backbone of the technology used in everything from online payments to emails and cloud-hosted files.

In the paper, the innovators gave credit to Ralph Merkle, a master’s student who was working on cryptography at the University of California-Berkeley. Noting that Merkle wasn’t getting the attention he deserved at Berkeley, Dr. Hellman encouraged him to come to Stanford, where Merkle continued his work. In 1974, Merkle created his own public-key encryption concept, which included a proof of concept called Merkle Puzzles. His approach wasn’t quite as elegant as the one Diffie and Dr. Hellman had devised, but the two acknowledged his pioneering work as important to moving the concept forward.

Cryptography pushback

The road to taking their ideas public wasn’t without its speed bumps, though. When Diffie and Hellman were working on the idea, colleagues discouraged them from moving forward, citing the hold the National Security Agency had on cryptography at the time. It would be tough to compete with the NSA’s big budget, friends cautioned, but Diffie and Hellman weren’t deterred.

Sure enough, the publication of New Directions in Cryptography caught the NSA’s attention. In addition to seeking to limit the publication’s reach, the NSA allegedly reached out to the publisher, mentioning that Diffie and Hellman could face jail time. This kicked off something that later became known as the crypto wars, motivated by the NSA’s fears that the public release of information on cryptology would put national security at risk.

As important as national security is, it was essential for the technology to be available on a widespread basis in order for the internet to become what it is today. Without strong security, shopping on Amazon and using cloud-based software would be a much more dangerous proposition.

2015 A.M. Turing Award

In 2016, Diffie and Dr. Hellman were honored with the Association for Computing Machinery’s A.M. Turing Award, which has been called the Nobel Prize of computing. The prize comes with a $1 million award, funded by Google, as well as the respect and acknowledgment of the entire technology industry.

Both Diffie and Dr. Hellman remain active at Stanford today, regularly showing up for seminars at the Center for International Security and Cooperation. They also often mentor pre- and postdoctoral fellows on topics related to cybersecurity.
