 To review, the Diffie-Hellman key exchange protocol uses a public base A and public modulus N. And to set it up, Alice chooses a number xA, which she keeps secret and commutes kA, A to power xA mod N. Similarly, Bob chooses a number xB, which he keeps secret and commutes kB, A to power xB mod N. And these are the half keys, Alice and Bob exchange keys, and then Alice computes kB to xA, that's Bob's number to her exponent, and Bob computes kA to power xB, that's Alice's number to his exponent. And since kB to power xA is congruent to kA to power xB, Alice and Bob now have a shared key k, and once they have a key, they can use it to communicate. Now the important thing worth pointing out is that while the Diffie-Hellman key exchange protocol is a secure way to transmit information between Alice and Bob, it's not a crypto system. And that's because we can't use it to transmit specific information. So if Alice wanted to send Bob the number 157, she couldn't do that using just the Diffie-Hellman key exchange protocol. However, since we can transmit a key, this means we can use the Diffie-Hellman key exchange protocol to transmit a key for a substitution or a transposition cipher, or we could use it to transmit the seed for a verdant cipher, that's the seed that will produce our pseudo-random number sequence, or we can transmit a key for a new type of cipher. And this leads to the L-Gamal crypto system, and it works as follows, Alice announces a public base a and a public modulus n, and she chooses an exponent x a, which she keeps secret, but announces k a, congruent to a to our x a mod n, as her public half key. Now I suppose Bob wants to send a message m, so Bob chooses an exponent x b, which he keeps secret, but he computes k b, congruent to a to power x b mod n, and computes k, which is k a to power x b, that's Alice's public number, k a, to his own private exponent x b. And to remember this value k, well that's the shared key that Alice and Bob will both have, and so he will encrypt his message by computing our ciphertext as k m mod n. And at this point Bob sends both the ciphertext and his half key to Alice. At the other end Alice uses Bob's half key and computes the full key by using Bob's number k b and her exponent x a. Now since the ciphertext was the key times the message itself, she needs to find k inverse mod n, which allows her to recover the original message as k inverse c mod n. Now that's quite a bit to go through, so let's take a look at an example. We'll use the Diffie-Hellman key exchange protocol to communicate a key where a, the public base is 343, and n, the public modulus 1637, and then we'll use our key to encrypt the message 157. So previously we saw that Alice and Bob set up a system where they exchanged the key 1579. Now Bob wants to send the message 157, and so he computes 157 times the key mod 1637, and that gives him 716, and he sends this message to Alice. Remember he's already sent her the half key. Now Alice knows the key is 1579, so she finds the inverse, which works out to be 254, and now she can recover the message by multiplying k inverse times the ciphertext 254 times 716 mod 1637, and she gets the original message 157. Now it's important to understand that if Eve ever finds Alice's private exponent xa, then every message ever sent to Alice by anyone becomes readable. So in practice greater security can be obtained if Alice and Bob produce an ephemeral key during what's called a Diffie-Hellman handshake. And that isn't substantially different from what we've already done. The only real difference is that Alice only announces the public base a and public modulus n. Then Alice and Bob simultaneously choose their individual exponents, compute their individual half keys, exchange the half keys, and then use the half keys to compute the full keys. And the important difference here is that even if Eve finds Alice's exponent xa, she can only read the messages in this one exchange. Past and future exchanges are still going to be secure.