Diffie-Hellman (1976) allows two parties to establish a shared secret key over a public channel without any prior shared secret. Both parties agree on a public prime p and generator g. Alice picks secret a, sends g^a mod p; Bob picks secret b, sends g^b mod p. Both compute the shared key g^{ab} mod p. Security rests on the Computational Diffie-Hellman (CDH) assumption: given g^a and g^b, computing g^{ab} is hard without knowing a or b. DH is vulnerable to man-in-the-middle attacks without authentication. The protocol also works over elliptic curve groups (ECDH), offering equivalent security with smaller parameters.
In 1976, Whitfield Diffie and Martin Hellman published a protocol that solved one of the oldest problems in cryptography: how can two people who have never met establish a shared secret over a channel that anyone can listen to? Before their work, all encryption required a pre-existing shared key — to communicate securely, you first needed a secure channel to exchange keys, which was precisely the problem you were trying to solve. Diffie-Hellman key exchange breaks this circularity using the one-way nature of modular exponentiation.
The protocol is remarkably simple. Alice and Bob publicly agree on a large prime p and a generator g of a multiplicative group modulo p. Alice picks a random secret integer a and sends A = g^a mod p to Bob. Bob picks a random secret b and sends B = g^b mod p to Alice. Alice computes K = B^a = g^{ba} mod p; Bob computes K = A^b = g^{ab} mod p. Both arrive at the same shared secret K = g^{ab} mod p. An eavesdropper sees g, p, g^a, and g^b, but computing g^{ab} from this information appears to require solving the Computational Diffie-Hellman (CDH) problem, which is believed hard in well-chosen groups. The eavesdropper would need to either compute a discrete logarithm (find a from g^a) or find some other way to compute g^{ab} — and no efficient method is known.
The main vulnerability of basic DH is man-in-the-middle attack. An active attacker Mallory can intercept Alice's message, replace it with her own public value, and do the same to Bob. She ends up sharing one key with Alice and a different key with Bob, relaying (and reading) all messages between them. Neither Alice nor Bob detects the interception because basic DH provides no authentication — they have no way to verify whose public value they received. The solution is to authenticate the DH exchange, typically by having each party sign their DH public value with a long-term digital signature key (as in the TLS handshake) or by using certificates from a trusted authority.
Modern deployments predominantly use Elliptic Curve Diffie-Hellman (ECDH), which performs the same protocol in an elliptic curve group rather than a multiplicative group modulo a prime. Elliptic curve groups resist the index calculus attacks that apply to modular arithmetic, so a 256-bit elliptic curve provides approximately the same security as a 3072-bit prime — dramatically smaller keys and faster computation. TLS 1.3, the protocol securing most web traffic, mandates ECDH (or its post-quantum successors) and has removed classical DH entirely. The conceptual contribution of Diffie and Hellman — that secure key agreement is possible over public channels — remains the intellectual foundation of internet security, even as the specific groups and parameters evolve.