The Math That Makes Every HTTPS Connection Secure
Whitfield Diffie, Martin Hellman, and Ralph Merkle's 1980 Stanford patent describes public-key cryptography — the breakthrough that enables two strangers to establish a shared secret over an insecure channel, making secure internet communication possible.
Patent Number: US 4200770
Status: Active
Filing Date: September 6, 1977
Grant Date: April 29, 1980
Expiration: ~September 1997 (estimated)
Claims: 15
Assignee: Leland Stanford Junior University
Inventors: Martin E. Hellman, Bailey W. Diffie, Ralph C. Merkle
Citations: 708 forward · 2 backward
What it covers
This patent describes a public-key cryptographic system where two parties can establish a shared secret without ever meeting or exchanging any secret information over the channel. Each party has two mathematically related keys: a public key they share with everyone, and a private key they never reveal. The mathematical relationship between the keys — based on the difficulty of computing discrete logarithms — means that anything encrypted with your public key can only be decrypted with your private key. More importantly, two parties can combine their public keys to arrive at the same shared secret, which neither has transmitted. This makes it possible to establish an encrypted connection without any prior shared secret.
What it doesn't cover
- RSA encryption (US4405829) — a different public-key system using prime factorization rather than discrete logarithm problems
- Symmetric encryption (AES, DES) — once a shared key is established via Diffie-Hellman, symmetric encryption is typically used for the actual data
- Digital signatures — a related but separate use of public-key cryptography not covered in this specific patent
- Elliptic curve cryptography — a more efficient variant of the same mathematical principle developed later
The clever bit
The problem Diffie and Hellman solved had been considered mathematically impossible. For thousands of years, secret communication required the two parties to share a secret key in advance — which required a secure channel to exchange the key, which required a secure channel to exchange THAT key, and so on. It was a chicken-and-egg problem. Diffie's insight was that you could use a mathematical function that is easy to compute in one direction but impossibly hard to reverse (a 'one-way function'). Specifically: computing g^x mod p is easy, but given g, p and g^x mod p, recovering x is computationally infeasible for large numbers. By exploiting this asymmetry, two parties can each perform half the computation publicly and combine the results to get a shared secret that neither transmitted.
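The exchange described above, carried through with deliberately tiny parameters as an added example (not from the patent or this brief); the values of p and g, the helper names and the transcript layout are constructed for illustration, and the brute-force discrete_log function shows exactly the work that large parameters make infeasible:

```python
import secrets

# Toy parameters, constructed for illustration only. Real deployments use
# standardized groups of 2048 bits or more, where brute force is hopeless.
P = 23  # small prime modulus
G = 5   # generator of the multiplicative group mod 23


def keypair(p=P, g=G):
    """Return (private, public): private x is random, public is g^x mod p."""
    x = secrets.randbelow(p - 2) + 1  # 1 <= x <= p-2
    return x, pow(g, x, p)


def shared_secret(their_public, my_private, p=P):
    """Both sides compute (g^y)^x = (g^x)^y = g^(xy) mod p."""
    return pow(their_public, my_private, p)


def exchange(p=P, g=G):
    """Run one exchange; returns (alice_secret, bob_secret, transcript).

    Only the public values A and B cross the channel; the private
    exponents never leave their owner.
    """
    a_priv, a_pub = keypair(p, g)
    b_priv, b_pub = keypair(p, g)
    transcript = {"p": p, "g": g, "A": a_pub, "B": b_pub}
    return (shared_secret(b_pub, a_priv, p),
            shared_secret(a_pub, b_priv, p),
            transcript)


def discrete_log(h, g=G, p=P):
    """Brute-force the x with g^x = h mod p.

    Feasible only because p is tiny: an eavesdropper holding the transcript
    can recover a private exponent and then the shared secret. With a large
    p this loop is the problem the patent relies on being infeasible.
    """
    for x in range(p):
        if pow(g, x, p) == h:
            return x
    return None


if __name__ == "__main__":
    alice, bob, t = exchange()
    print("transcript:", t, "shared:", alice, "match:", alice == bob)
```

With the textbook values p=23, g=5 and private exponents 6 and 15, both parties arrive at the shared value 2 while only 8 and 19 are ever sent.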
Why it matters
Diffie and Hellman published their ideas in a 1976 paper ('New Directions in Cryptography') before the patent was filed, which seeded an entire field of research. The 2015 Turing Award (computer science's Nobel Prize) went to Diffie and Hellman for this work. Without public-key cryptography, e-commerce would be impossible — every credit card transaction, every banking login, every private message relies on the mathematical impossibility of reversing the discrete logarithm problem. The NSA tried to suppress the patent's publication when it was filed; the academic publication of the underlying paper had already made that futile. Public-key cryptography is now considered too fundamental to suppress.
Real-world examples
1. Every HTTPS connection uses Diffie-Hellman (or its elliptic curve variant ECDH) to establish the symmetric session key — the padlock in your browser URL bar is this patent in action
2. Signal, WhatsApp, and iMessage use Diffie-Hellman key exchange as the foundation of their end-to-end encryption
3. The patent was licensed to RSA Security and became part of the foundational IP behind SSL/TLS — Stanford received royalties that helped fund their computer science department
Generated by PatentBrief · Not legal advice · patentbrief.org
US 4200770 · 2026