 Secure cryptography requires both Alice and Bob have a key, so how do they exchange keys? The problem is, if they don't encrypt the key, Eve can intercept it, but if they do encrypt the key, how do they send the key to encrypt the key? So one possibility is the following. Imagine a company has a secret recipe. How can they keep the recipe secret? One way is to have two facilities. Factory A produces a mixture of half the ingredients, and Factory B produces a mixture of half the ingredients. And the factories then swap outputs and add the same halves. The important idea here is that only half the recipe is known at Factory A, and half the recipe is known at Factory B. And so the complete recipe doesn't exist anywhere. Now we can do that in cryptography using what's known as the Diffie-Hellman-Key Exchange Protocol. And this works as follows. First, Alice and Bob agree on a base A and a modulus n. Then Alice takes some random number xA and computes m congruent to A to power xA mod n, sending this to Bob. And Bob does something similar, picking a random exponent xB and computes n congruent to A to xB mod n, sending this to Alice. Now Alice knows her exponent xA, and she just got this number n from Bob, so she computes n to xA mod n. And likewise, Bob knows his own number xB, and just got this value m from Alice, and so Bob computes m to power xB mod n. And what's important here is if everybody did their computations correctly, both Alice and Bob are now in possession of a common value k, which they can use as a key. So let's take a look at an example. Let's use our Diffie-Hellman-Key Exchange Protocol to communicate a key where our public base A is 343, and we'll use modulus n equals 1637. So first, Alice and Bob need to pick their private keys, and so Alice chooses that random exponent, how about 23, and she computes 343 to power 23 mod 1637. And without going into the details, she finds that that's equal to 430, and she sends this number to Bob. Meanwhile, Bob chooses his own exponent, about 97, and computes 343, that's the public base, to his private exponent, 97, and computes mod 1637 and gets 968, which he sends to Alice. Now Alice takes Bob's number, 968, uses her exponent, 23, and computes 968 to power 23, and gets 1579, which is the key. And we'll verify that Bob actually has the same key and he's going to compute the key by taking the number Alice sent him, 430, raising it to his own exponent, 97, and if he does that, he also computes this value 1579. And so now both Alice and Bob have this key, 1579, in their possession, but the key itself was never transmitted and what you don't transmit can't be intercepted. Now we'll pause a moment and see why that works. So remember that Alice got this value a to power xb from Bob and she's raising it to her own exponent, xa, and so what she's actually computing is a to power xb, xa. Meanwhile, Bob got this number a to power xa from Alice and he knows his own exponent, xb, so he can compute Alice's number to power xb, which also gives him a to power xa, xb, and these are the same. And the reason it's secure is because xa never leaves Alice's possession and xb never leaves Bob's possession. And what you don't send out can't be found. So how could Eve find the key? Well, she could find either exponent, either xa, Alice's exponent, or xb, Bob's exponent. But remember these are never communicated, and as long as these are never communicated, she can't obtain them. Instead, she has to find them from the numbers that are sent a to power xb and a to power xa. So for example, Alice knows that Eve sent the number 430 and since she knows the public base is 343, she has to solve 343 to power x congruent to 430. And this leads to something called the discrete logarithm problem, which is the following. Given a and n, we want to solve a to power x congruent to y mod n. Now, the reason we can use this as the basis for a cryptographic system is that the discrete logarithm problem is believed to be a hard problem and so that if the Helman-Key exchange protocol is believed secure. Unfortunately, it only communicates a key. How can we modify it to communicate an actual message? We'll take a look at that next.