The Proposed Symmetric Encryption Algorithm Based on Diffie-Hellman
Key Exchange Algorithm for Data Security
Phyu Phyu Thwe#1, May Htet*2
#,*
Department of Computer Engineering and Information Technology, Mandalay Technological University
The Republic of the Union of Myanmar
1
phyuphyuthwe@mtu.edu.mm, 2mayhtet@mtu.edu.mm
Abstract—Due to the rapid development of new technologies,
services and applications deeply rely on information sharing
and data transmitting over internet. On this situation, data
encryption techniques become main solutions to guarantee the
security and privacy of data. Although symmetric encryption
algorithms can be used for vast amount of message encryption,
they need secure channel for key exchange. In contrast,
asymmetric encryption algorithms solve the problem of key
distribution but it is not feasible to use for bulk message
encryption. Hence, in this paper, a new symmetric encryption
algorithm is proposed based on the Diffie-Hellman Key
Exchange (DHKE) algorithm as DHKE does not require the
expansive computation and additional assumptions for key
exchange due to the use of modular exponentiation. As a result,
the proposed system can support both key exchange and
encryption feature. Moreover, to evaluate the performance of
proposed encryption approach, its processing time is compared
with that of some existing symmetric encryption and
asymmetric encryption approaches and its security level is also
proved according to integer factorization.
Keywords—Diffie-Hellman, Integer Factorization, Modular
Arithmetic, Multiplication Cipher, Symmetric
Encryption Algorithms
I. INTRODUCTION
The wide usage of internet and emergence of new
technologies like mobiles, wireless technologies and cloud
storage, etc. increase the information security risks. Both
individual and organizations have been trying to cover the
leakage of their information under regular attacks for
commercial or non-commercial gains. Over many centuries,
cryptographic mechanisms have been created to deal with
information security issues. The protection system affords
to get the fundamental security objectives such as
confidentiality, integrity and availability for both data and
information. One of the fundamental tools in cryptographic
mechanisms is data encryption technique that the
information is sent in scramble form in order to prevent
unauthorized accesses from untrusted third parties like
eavesdroppers. Encryption algorithms are designed around
computational hardness assumptions by making such
algorithms hard to break in practice by any adversary.
Modern cryptography consists of different algorithms:
symmetric key, asymmetric key, hash function and key
exchange algorithms. Different cryptographic algorithms
provide different security requirements to some extent.
However, the cryptographic techniques must be integrated
to provide a robust layer of security that ensures the safe
and secure delivery of message to the intended recipient.
For example, symmetric encryption algorithms need to use
a key exchange protocol for generating more secure session
key between two parties. Although the hybrid
cryptographic systems give the strong security
requirements, the performance of the system can be
degraded due to increasing execution time. In addition,
1
some hybrid systems have complex structure and require
more computing resources for implementation. Moreover,
the shift from desktop computers to small devices brings a
wide range of new security and privacy concerns. It is
challenging to apply conventional cryptographic standards
to small devices. In many conventional cryptographic
standards, the trade-off between security, performance and
resource requirements were optimized for desktop and server
environments, and this makes them difficult or impossible to
implement in resource-constrained devices [1].
In this paper, a symmetric encryption algorithm is
designed to meet a balance between performance and
security requirement level of an application. As DHKE
does not take much key pair generation time and supports
the forward security, the proposed encryption approach is
attached to DHKE. This method is considered based on the
difficulty of integer factorization and modular arithmetic
without increasing the time complexity. The algorithm
implementations and results of measuring speeds of
cryptographic algorithms are prepared on the open-source
cryptography software CrypTool 2.1. To evaluate the
performance of proposed encryption approach, its execution
time is compared with some existing symmetric encryption
algorithms such as RC4, Twofish, TEA, AES and asymmetric
encryption algorithms such as RSA and ElGamal as well as its
safety is also verified in terms of integer factorization
calculation.
The rest of the paper is organized as follows: related
work is described in Section 2. Design of the proposed
system is illustrated in Section 3. Section 4 explains
research methods. Section 5 describes the system
implementation. The experimental results of this system are
shown in Section 6. Security analysis for the proposed
symmetric encryption algorithm is described in Section 7.
Finally, conclusion is presented in Section 8.
II. RELATED WORKS
In 2013, Prashant R. and Yogita P. [3] implemented a
hybrid cryptographic system by combining digital signature
with Diffie-Hellman key exchange and AES encryption
algorithm to enhance data security in cloud computing.
Their combination referred to as “Three way mechanism”
ensured all the three protection schemes: authentication,
data security and verification at the same time. They were
likely to arrange for trusted computing platform using
encryption process in order to avoid data modification at
the server end. In addition, the client was authenticated
with the help of digital signature.
Then, Preetika J., Manju V. and Pushpendra R. V. [2]
proposed a node to node authentication protocol with the
concept of cryptography and cluster head that resolved the
weakness of Diffie-Hellman key exchange scheme. For
encryption of common numbers pre-assigned to each node
manually before deployment, Data Encryption Algorithm
(DEA) was used. Their research focused on to establish a
secure communication link between node to node and node
to base station. By eliminating the man-in-middle attack,
they reduced the network attacks of eavesdropping or
captured nodes compromise. However, the computational
overhead is greater due to encryption and decryption
processes.
In addition, Saima I. and Ram L. Y. [4] proposed the
system using concept of combination of random key,
validation key and transaction id with symmetric key
encryption algorithm in 2018. The authors had attempted to
transfer file securely using randomly generated keys with
Blowfish symmetric algorithm for encryption process.
They applied the dynamic key concept to scramble each
message by alternate cryptographic key. The strength of the
keys used in their process was examined by using open
source cryptographic tool known as Cryptool 2.0. By using
transaction key, synchronization problem in the dynamic
key concept was solved. As a result of using transaction
key and the validation key, their system gave more
robustness layer to secure file transfer.
According to the literature and concepts of the
enhancements which are pointed out from the previous
researches, the main aim of this work is to modify DHKE
algorithm to obtain key exchange and lightweight encryption
feature in one algorithm with acceptable execution time.
III. DESIGN OF THE PROPOSED SYSTEM
The proposed system is structured in which the parts of
key exchange, encryption and decryption features are
connected together as illustrated in Fig. 1.
First, the session key required for encryption process is
generated by using original DHKE algorithm between the
sender and the receiver. Then, the message is encrypted
with the session key by using the proposed symmetric
encryption algorithm and sent to the receiver. At the
receiver site, the cipher-text is decrypted with generated
session key by using proposed decryption method.
Secret Message
Encryption using Proposed
Symmetric Encryption
Algorithm
Generating Session Key
using Diffie-Hellman Key
Exchange Algorithm
Session Key
Decryption using Proposed
Symmetric Encryption
Algorithm
Secret Message
Fig. 1 Design of the proposed system
By using the proposed system, both sender and receiver
do not need to concern the security of session key used in
encryption and decryption processes. Moreover, the system
can be implemented easily and simply since modified
DHKE alone can support both key exchange and
encryption properties.
IV. RESEARCH METHODS
The proposed system includes two parts: key exchange
approach and the proposed encryption approach. Key
exchange is performed by means of original DHKE and
encryption approach is achieved by using proposed
symmetric encryption algorithm.
A. Diffie-Hellman Key Exchange Algorithm
Diffie-Hellman key exchange algorithm was proposed
by Whitfield Diffie and Martin Hellman in 1976. This
algorithm is a practical solution for sharing the common
secret key over public communication between the two
parties. This fundamental key agreement technique is
implemented in many open and commercial cryptographic
protocols like Secure Shell (SSH), Transport Layer
Security (TLS), and Internet Protocol Security (IPSec) [5].
In addition, DHKE algorithm is widely used with the
symmetric key encryption in commercial application such
as e-commerce, banking process and cloud storage, etc.
1) Process of Diffie-Hellman Key Exchange Algorithm:
The security of DHKE is based on the discrete logarithm
problem in a finite field F*p and prime number ‘p’. Instead
of sharing the secret key in conventional cryptosystem, the
session key is created using DHKE algorithm. The process
of DHKE algorithm is summarized in Fig. 2.
Alice Bob
1 Agreement on public value p and g
2 Choose private key, a. Choose private key, b. 2
3 Ra = ga mod p Rb = gb mod p 3
Ra
4
Rb
K = (Rb)a mod p K = (Ra)b mod p
Share secret key
5
Fig. 2 Diffie-Hellman key exchange algorithm
In this process, the two parties: Alice and Bob agree on
two public numbers that are a large prime number p and a
primitive root ‘g’ of prime ‘p’. These two numbers do not
need to be confidential. The step-by-step procedures of
DHKE algorithm are shown in Fig. 3.
Step 1: The two users must take agreement on public value ‘p’ and
‘g’.
Step 2: Alice chooses large random number ‘a’ such that 0 a  p-1.
Bob chooses large random number ‘b’ such that 0 b  p-1.
Step 3: Alice calculates public key R1 = ga mod p.
Cipher Text
Bob also calculates public key R2 = gb mod p.
Step 4: Alice sends R1 to Bob but does not send the value of ‘a’.
Bob sends R2 to Alice but does not send the value of ‘b’.
Step 5: Alice calculates K = (R 2 )a mod p. Bob also calculates
K = (R1)b mod p. K is the symmetric key for the session.
Fig. 3 Step-by-step procedures of DHKE algorithm
Finally, the two users calculate the session key
individually and these two results produce identical session
key according to commutative law, i.e., K = (gb mod p)a
mod p = (ga mod p)b mod p = gab mod p.
2) Example of Diffie-Hellman Key Exchange Algorithm:
To understand the detail process of how DHKE works, it is
illustrated with example. In this example, it is assumed that
Alice and Bob agree on the public numbers: p = 13 and g = 11
before establishing a symmetric key. Then, a session key
will be created for communication as shown in Fig. 4.
2
 1) Agreement on p = 13 and g = 11. DHKE and its prime parameter ‘p’ are taken to use in both
2) Alice chooses a = 6 and Bob chooses b = 3. encryption and decryption processes of proposed
3) Alice calculates public key R1 = 116 mod 13 = 12. encryption algorithm.
Bob calculates public key R2 = 113 mod 13 = 5. In encryption process, as long key takes memory space
4) Alice sends the number 12 to Bob. and long execution time to make multiplication process,
Bob sends the number 5 to Alice. key size is reduced by using modular arithmetic as in
5) Alice calculates the symmetric key K = 56 mod 13 = 12. Equation 1.
Bob calculates the symmetric key K = 123 mod 13 = 12. K = p mod K, (1)
The value of K is the same for both Alice and Bob;
where, p = large prime of original DHKE,
gab mod p = 1118 mod 13 = 12.
K = Key generated by original DHKE,
Fig. 4 Example calculation of DHKE algorithm In addition, the size of the message is also reduced by
subtracting large prime ‘p’ from the integer value of
As DHKE is based on some concepts of a public key message to trick the attacker as in Equation 2.
crypto system, the overview of applications supported by C = M – p, (2)
public key cryptographic system are shown in Table 1. where, M = integer value of message,
TABLE I And then, reduced key K and masked message C are
APPLICATIONS OF PUBLIC-KEY CRYPTOSYSTEMS multiplied to produce the corresponding cipher-text C as in
Applications Equation 3.
Algorithms Encryption/ Digital Key
C = C * K (3)
Decryption Signature Exchange In decryption process, the key is recalculated as
RSA Yes Yes Yes encryption process to reduce its size. Then, the cipher-text
Elliptic Curve Yes Yes Yes
is decrypted by using division as in Equation 4.
Diffie- p (4)
No No Yes 
Hellman
By replacing C with (CK),
DSS No Yes No
 
p

As described in Table 1, DHKE is not full public-key  p
cryptosystem and only enables for key exchange that can By replacing C with (M – p),
be used for generating symmetric keys or other purposes −p+p
but does not support data encryption/ decryption or digital Next, the integer value of plaintext is recovered using key.
signature [7]. Moreover, data encryption completely M=M
depends on the session key so new keys must be generated After the integer value of original message has been
quickly if a new secret is required. DHKE provides the obtained, it is transformed into original text message again.
forward secrecy in which new key pair for each session is
generated speedily. 2) Example of Proposed Symmetric Encryption
Algorithm: To clarify the detail process of how modified
B. Proposed Symmetric Encryption Algorithm DHKE algorithm works with encryption feature, it is
The confidentiality requirement for both data and demonstrated with sample calculation. In this illustration, it
information is completed by using encryption techniques. is assumed that the session key K = 3, prime, p = 11 and
Symmetric encryptions, also called conventional encryption, the secret message is “Hello!”. After that, encryption and
are faster and more suitable for bulk messages than decryption processes of proposed encryption algorithm are
asymmetric. In Symmetric encryption, encryption and shown in Fig. 5 and Fig. 6.
decryption are performed using the same key. From this Reducing the Size of Key, K
concept, proposed encryption alogrithm uses the same key Generated Session Key,
K=3 K = p mod K = 11 mod 3
generated from the DHKE algorithm and large number p Prime, P = 11 =2
which is agreed between two communication parties before
communication. As a result, like asymmetric key Transforming Message to Integer Value
encryption algorithms, key distribution is not necessary.
Hello!  M = 36762444129608
1) Encryption and Decryption Processes of Proposed
Symmetric Encryption Algorithm: This modification is
Message Encryption
founded on the mathematical concept in order to implement
C = M – P
easily and equalize between the security requirement and C = 36762444129608 – 11
restricted devices. The proposed encryption algorithm is = 36762444129597
considered based on the integer factorization and modular C = CK
arithmetic since the security of many cryptographic C = 36762444129597 * 2
= 73524888259194
techniques depends upon the difficulty of integer
factorization. The integer factorization problem means that
the time taken for calculating factors of a composite integer Generating Ciphertext
‘n’ depends on certain properties of the factors of ‘n’. In Ciphertext, C = 73524888259194
non-trivial factorization, if x and y are non-trivial factors of
Fig. 5 Encryption process
composite integer n = xy, x and y are not necessarily
primes. According to this concept, the proposed encryption As shown in Fig. 6, at the receiver site, the size of
algorithm is created to produce a multiplication cipher. In generated session key is also reduced. After decryption
key generation process, the key generated from original process, the original text message will be recovered.
3
 V. SYSTEM IMPLEMENTATION
Reducing the Size of Key,K
Generated Session Key, K This system is implemented on the open-source
=3 K = p mod K
Prime, P = 11 = 11 mod 3 = 2 cryptographic software Cryptool 2.1 as illustrated in Fig.6.
In Fig.6, firstly, the original message is loaded as Text
Ciphertext input. After that, the users can choose the bit length of
Ciphertext, C = 73524888259194 prime parameter ‘p’ to generate the expected key length.
In this case, 35kB message size is to be encrypted by
using 1024 bit key length. The prime ‘p’ and based
Ciphertext Decryption
generator ‘g’ must be agreed between the sender and
M= +P receiver and the session key is generated in both sides. And
73524888259194 then, the input message is encrypted by using proposed
= + 11 encryption algorithm with the help of session key. After
2
= 36762444129597 + 11 encryption and decryption processes, the total execution
= 36762444129608
time of the system is also expressed to the user.
In this work, the performance of proposed symmetric
Transform Integer Value to Text Message encryption algorithm is compared with some of the existing
symmetric and asymmetric algorithms. Hence, in this paper,
M = 36762444129608  Hello! AES, RC4, Twofish, TEA, RSA and ElGamal are also
Fig. 6 Decryption process
implemented by using Cryptool software.

Fig. 7 Key exchange, encryption and decryption process of the proposed system

VI. EXPERIMENTAL RESULTS AES

RC4
For performance consideration, running times of DHKE Twofish
and other algorithms can be analysed by implementing in TEA
Proposed Symmetric Encryption Algorithm
core i3 processors, RAM 4 GB, window 8, 64 bit operating
1.2
system. The comparison results of symmetric encryption
Processing Time (s)

algorithms and proposed encryption algorithm are analysed 1.15

on various message size by using 128 bit key length as
1.1
shown in Fig. 8.
In most block ciphers, when the input stream is equal to 1.05
the block size, the encryption time is less costly than the
1
other times because no padding bits are needed. As shown
in figure, although the processing time of the proposed 0.95
encryption algorithm is obviously faster than TEA and 1 KB 2 KB 4 KB 8 KB 16 KB 32 KB
Message Size
Twofish for larger message sizes above 4kB, it is not
noticeably faster for smaller message sizes. Generally, it is Fig. 8 Comparison results of total execution time for symmetric
also faster than RC4 for message sizes above 8kB. The encryption algorithms
reason is that RC4 is remarkable for its simplicity and The comparison results of encryption and decryption
speed. However, the proposed algorithm is faster than AES time of proposed encryption algorithm and public key
for only 1kB message size and slower than AES for larger encryption algorithms are shown in Table 2. As described
message sizes. in Table 2, execution times of proposed encryption
4
algorithm are faster than that of RSA and ElGamal except  Ways to attack the Proposed Algorithm:
for that of ElGamal with 64 Byte message. 1) If the attackers know the large prime p and can compromise the
key, it is possible to manipulate the ciphertext.
TABLE II 2) Even if the key is not known, the attackers can still try through
EXPERIMENTAL RESULTS OF THE PROPOSED ALGORITHM AND various integer factorization algorithms.
ASYMMETRIC ENCRYPTION ALGORITHM
 Strength of the Proposed Algorithm:
Key Length – 2048 bit 1) Even if the integer factorization is achieved, it will generate
different keys and the different possible message will be obtained
Message Size 64 Byte 128 Byte 256 Byte depending on the number of factors so that it is difficult for
Proposed Encryption intruders know which one is the real original message.
0.160 0.162 0.174 Example calculation
Symmetric Time (s)
Encryption Decryption Sender Attacker Receiver
0.018 0.021 0.026 Alice knows Eve knows Bob knows
Algorithm Time (s)
Encryption Prime, p P=11 P=11 P=11
0.082 0.164 0.328
Time (s) Massage, M M=45 - -
ElGamal
Decryption Key, K K =3 - K=3
0.007 0.020 0.028
Time (s)
Encryption ’ - p = 45-11 34, ’ p mod 11 mod 3 2
0.001 0.002 0.024
Time (s) ’* ’ 34 * 2 68
RSA
Decryption Eve needs to find factors of 68 = 2, 4, 17, 34.
1.794 1.802 1.808
Time (s) If K’ = 2  ( / ’) p 45
If K’ = 4 ( / ’) p 28
The comparison results of total execution time on the 64 If K’ = 17 ( / ’) p 15
Byte message size using the variable length key sizes are If K’ = 45 ( / ’) p 13
shown in Fig. 9. M  45, 28, 15, 13

Fig. 10 Security analysis of the proposed algorithm

RSA ElGamal Proposed Symmetric Encryption Algorithm
35 VIII. CONCLUSIONS
30 In this paper, the proposed system offers both key
exchange and encryption features. The security of proposed
Processing Time (s)

25
20
15
10
5
0 proposed algorithm can be used in many applications such
128 bit 512 bit 1024 bit 1536 bit 2048 bit
Key Length
Fig. 9 Comparison results of total execution time for public key
encryption algorithm
According to the comparison results, it is found that the
execution time including key generation, encryption and
decryption time of proposed encryption algorithm is faster
than that of RSA and ElGamal along with the larger message
size since the key generation time of DHKE is faster than
that of RSA and ElGamal. Although the execution time of
the proposed algorithm based on DHKE is not noticeable
under 1024 bit key size, it is obviously faster than others for
larger key size. Even for the larger key size, the total
execution time of proposed encryption algorithm is not
considerably increased due to the reduction in key size and
message size through simple arithmetic operations.
VII. SECURITY ANALYSIS FOR PROPOSED SYMMETRIC
ENCRYPTION ALGORITHM
Integer factorization is commonly used mathematical
problem often used to secure public-key encryption systems.
In order to break the integer composite numbers, the intruders
would have to find the factors of those numbers. Factoring
numbers is a computationally difficult problem and it is
trial and error process. It is easy for smaller numbers but it
can take many computing resource and days, months and
years to solve large composite numbers.
In this section, the security of proposed algorithm is
analysed based on integer factorization and depending on the
secret key which is derived from DHKE algorithm as shown
in Fig. 10.
encryption algorithm is based on the difficulty of integer
factorization. The comparison results of execution time for
the proposed encryption algorithm and some existing
algorithms are also presented in this paper. According to
the comparison results, the proposed algorithm is more
efficient than most of the existing algorithms in terms of
execution time especially for larger message size. The
as conventional desktop cryptographic application and
modern cryptographic applications.
As further extensions, the resistance of proposed
encryption algorithm can be tested using factoring attack
based on Pollard’s Rho. In addition, the digital signature
algorithms can be added to proposed system for
authentication. The analysis of the effects of different
parameters on the accuracy and efficiency of DHKE
algorithm will be a good subject for a future study.
REFERENCES
[1] Rao U. H., Nayak U., An Introduction to Information Security, The
InfoSec Handbook, Edition one, Apress publisher, ISBN 978-1-
4302-6383-8, DOI 10.1007/978-1-4302-6383-8, 2014
[2] Preetika J., anju V. and Pushpendra R. V., “Secure
Authentication Approach Using Diffie-Hellman Key Exchange”,
International Conference on Control, Instrumentation, Communication
and Computational Technologies (ICCICCT), IEEE publisher, 2015.
[3] Prashant R. and Yogita P., “Use of Digital Signature with Diffie
Hellman Key Exchange and AES Encryption Algorithm to
Enhance Data Security in loud omputing”, International
Conference on Communication Systems and Network Technologies,
IEEE publisher, DOI 10.1109/CSNT.2013.97, 2013.
[4] Saima I. and Ram L. Y., “A Secure File Transfer Using the
Concept of Dynamic Random Key, Transaction Id and Validation
ey with Symmetric ey Encryption Algorithm”, Proceedings of
First International Conference on Smart System, Innovations and
Computing, Smart Innovation, Systems and Technologies. Springer
Nature Singapore Pte Ltd., pp.271-278, 2018.
[5] Paar C. and Pelzl J., Understanding Cryptography, A Textbook for
Students and Practitioners, Springer, e-ISBN 978-3-642-04101-3,
DOI 10.1007/978-3-642-04101-3, 2010.
[6] Stallings W., Cryptography and Network Security, Principles and
Practice, Fifth Edition, ISBN 10: 978-0-13-609704-9, Prentice Hall,
2011.
[7] Alvarez R., Caballero-Gil C., Santonja J. and Zamora A.,
“Algorithms for Lightweight ey Exchange”, In Proceedings of the
10th International Conference on Ubiquitous Computing and
Ambient Intelligence, UCAmI, Springer International Publishing,
pp. 536-543, 2016.