Diffie-Hellman Shared Key Calculator

Reviewed by the CalculatorHub team, edited by James Graham. Modular exponentiation key exchange. Last verified 17 June 2026.

Diffie-Hellman lets two parties create a shared secret over a public channel without ever sending the secret itself. They publicly agree on a prime modulus and generator, each keeps a private key, and each publishes a public key. Raising the other party's public key to your own private key produces the same shared secret for both. This calculator takes the prime, generator and two private keys and returns both public keys and the shared secret, computed with arbitrary-precision modular exponentiation. Use small numbers to learn, large standard primes for real use.

Prime modulus p

Generator g

Alice private key a

Bob private key b

Alice public A = g^a mod p

Bob public B = g^b mod p

Shared secret

Both sides match?

Diffie-Hellman formula

Alice public A = g^a mod p
Bob public B = g^b mod p
Alice computes s = B^a mod p
Bob computes s = A^b mod p
both equal g^(ab) mod p (the shared secret)

Exponentiation is done by fast modular exponentiation with BigInt, so very large p, g, a and b are supported exactly. The two computed secrets are equal because exponentiation commutes.

Diffie-Hellman context

The shared secret g^(ab) mod p is never transmitted; only the public keys are.
Security rests on the hardness of the discrete logarithm problem.
Real use needs primes of 2,048 bits or more, or elliptic-curve Diffie-Hellman.
Standardised groups are published in IETF RFC 3526 and related documents.
Plain DH has no authentication and must be paired with signatures or certificates.

Diffie-Hellman: frequently asked questions

How does Diffie-Hellman key exchange work?

Two parties agree on a public prime p and generator g. Each picks a secret private key (a and b) and sends the other their public key: A equals g^a mod p, B equals g^b mod p. Each then raises the received value to their own secret, yielding the same shared secret: B^a mod p equals A^b mod p equals g^(ab) mod p.

Why is the shared secret the same for both parties?

Because exponentiation commutes: (g^a)^b equals (g^b)^a equals g^(ab). Working modulo p, Alice computes B^a mod p and Bob computes A^b mod p, and both equal g^(ab) mod p. That common value is the shared secret, never transmitted directly.

What makes Diffie-Hellman secure?

Its security rests on the discrete logarithm problem: given g, p and g^a mod p, recovering a is computationally hard for a large, well-chosen prime p. An eavesdropper sees g, p, A and B but cannot feasibly derive the shared secret. Real deployments use primes of 2,048 bits or more.

What values should I use?

For learning, small primes like 23 with generator 5 illustrate the math. For real security you must use a large safe prime and a proper generator, such as the standard groups defined in IETF RFC 3526 or modern elliptic-curve Diffie-Hellman. This calculator handles arbitrary-size integers via BigInt.

Does this protect against a man-in-the-middle?

No. Plain Diffie-Hellman provides no authentication, so an active attacker can intercept and substitute public keys. Real protocols add authentication (signatures or certificates) on top of the key exchange to prevent man-in-the-middle attacks.

Official sources

NIST: key establishment schemes (SP 800-56A).
IETF: elliptic curves for security (RFC 7748).

Reviewed by the CalculatorHub team, edited by James Graham, 17 June 2026. See our methodology.