Diffie-Hellman Ephemeral (DHE)


Definition

Diffie-Hellman Ephemeral is a key exchange method where the parties use temporary Diffie-Hellman keys for a single session to agree on a shared secret. Because the keys are short-lived, DHE supports forward secrecy, meaning past sessions stay protected even if a long-term private key is later stolen.

Examples

  • A web server uses TLS with a DHE cipher suite so each connection negotiates a fresh session key, reducing the impact of a future key compromise.
  • A VPN gateway negotiates ephemeral Diffie-Hellman values during the handshake, then derives encryption keys used only for that tunnel session.

Discover 🔎

When two systems want to communicate securely, they need a shared secret key to encrypt data. The challenge is agreeing on that key over an untrusted network without sending the key itself. Diffie-Hellman solves this by letting both sides compute the same secret independently. The word ephemeral means the keys used for that computation are temporary and thrown away after the session, which provides an important security benefit called forward secrecy.

Remember: DHE is about how you agree on a session key. It is not the encryption algorithm itself. It is the method used to create the key that encryption will use.
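
The exchange described above, as an added Python example that is not part of the original lesson: each side generates a fresh key pair per session, both compute the same key independently, and the private values are dropped afterwards. The group `P`/`G`, the `EphemeralDH` class, `run_session`, and the SHA-256 key derivation are assumptions made for illustration; the group is a constructed toy and far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group so the example runs instantly: P is the Mersenne
# prime 2**127 - 1. Real DHE deployments use 2048-bit or larger groups.
P = 2**127 - 1
G = 3

class EphemeralDH:
    """One side's Diffie-Hellman key pair, valid for a single session."""

    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2   # fresh private value in [2, P-2]
        self.public = pow(G, self._priv, P)         # only this crosses the network

    def session_key(self, peer_public):
        if self._priv is None:
            raise RuntimeError("ephemeral key already used and discarded")
        # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._priv, P)
        # Simplified key derivation (assumption): real protocols run the shared
        # secret through a KDF together with handshake context.
        key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        # Drop the reference to the private value. With nothing stored, a later
        # compromise of long-term keys cannot recompute this session's key.
        self._priv = None
        return key

def run_session():
    """Run one handshake; return what an eavesdropper sees plus both keys."""
    client, server = EphemeralDH(), EphemeralDH()
    transcript = (client.public, server.public)
    return transcript, client.session_key(server.public), server.session_key(client.public)

if __name__ == "__main__":
    for n in (1, 2):
        transcript, k_client, k_server = run_session()
        print(f"session {n}: keys match={k_client == k_server} key={k_client.hex()[:16]}...")
```

Running it twice-over shows matching keys within a session and unrelated keys across sessions, which is the property the lesson calls forward secrecy.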