Diffie-Hellman Test

Proof of concept that you can do a Diffie-Hellman key exchange between a browser running JavaScript and a web server running C.

Diffie-Hellman key exchange is a way for two parties to agree on a shared secret key without letting any hypothetical eavesdroppers know what the key is. It works like this:

Now both parties have the same shared secret number s.

Doing the calculations requires arbitrary-precision arithmetic, a.k.a. "bignums". In C this is widely available as part of the libcrypto library. In JavaScript, there are a few packages available. This demo uses biginteger.js by Matthew Crumley.

Let's try it out. Start by choosing a group, the p and g pair. The groups in the selector come from RFC 2409 and RFC 3526 and are recommended for use with DH. Or you can paste in your own numbers if you know what you're doing. There are trade-offs in choosing a group: use one of the standard ones and maybe the NSA has pre-computed an attack table for it; make your own group and maybe you'll get a detail wrong.


Now, phase 1: choose a random number a and compute A = g^a mod p.


Phase 2: choose a random number b and compute B = g^b mod p; also use the A from phase 1 to compute s = A^b mod p.


Phase 3: use the a from phase 1 and the B from phase 2 to compute s = B^a mod p.


Now you have s two different ways.
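The three phases above, written out as an added example; this is not the page's demo code (which uses biginteger.js) and not dhtest.c. It assumes native JavaScript BigInt and a constructed toy group (p = 2^127 - 1, g = 3) that is not one of the RFC groups; the function names and the range check on the peer's public value are additions for illustration.

```javascript
// Constructed toy group for illustration: p = 2^127 - 1 (a Mersenne prime), g = 3.
// It is NOT one of the RFC 2409 / RFC 3526 groups and is far too small for real use.
const P = (1n << 127n) - 1n;
const G = 3n;

// Square-and-multiply modular exponentiation on native BigInt (not constant-time).
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Secret exponent in [2, p-2] drawn from the platform CSPRNG (Web Crypto).
// 8 extra bytes make the bias of the final modulo negligible.
function randomExponent(p = P) {
  const bytes = new Uint8Array(Math.ceil(p.toString(2).length / 8) + 8);
  globalThis.crypto.getRandomValues(bytes);
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  return 2n + (n % (p - 3n));
}

// Reject degenerate peer values (0, 1, p-1, out of range) before exponentiating.
function checkPublic(y, p) {
  if (y <= 1n || y >= p - 1n) throw new RangeError("invalid DH public value");
  return y;
}

// Phase 1 (browser): A = g^a mod p.
function phase1(a, p = P, g = G) {
  return modPow(g, a, p);
}

// Phase 2 (server): B = g^b mod p, and s = A^b mod p from the browser's A.
function phase2(A, b, p = P, g = G) {
  checkPublic(A, p);
  return { B: modPow(g, b, p), s: modPow(A, b, p) };
}

// Phase 3 (browser): s = B^a mod p from the server's B.
function phase3(B, a, p = P) {
  return modPow(checkPublic(B, p), a, p);
}
```

Only A and B cross the wire; a, b and s stay on their own side, and both phase2 and phase3 refuse a peer value that would force s into a trivially guessable result.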

You can also run the same calculations on a Unix system if you have one handy. Fetch dhtest.c and compile it like so:

cc -Wall -I/usr/local/include dhtest.c -L/usr/local/lib -lcrypto -o dhtest

The dhtest program can do all three phases of the DH exchange. Normally the server side would do phase 2, but let's run it on phase 3 so we can compare results. Here's the command with the same numbers as above:

./dhtest -3    

It should give you the same value for s that you got above. This demonstrates that the JavaScript version running in the browser and the C version running on the server can interoperate.

Now that we've established that it's possible, is DH in the browser a good idea? Probably not.

Check out this 2011 blog post by Thomas Ptacek or this 2013 blog post by Tony Arcieri for lots more reasons.

In summary: cool experiment, not really useful.
