BiTree
  • Search For Lessons
  • Curriculum
  • Pricing
  • For Educators
  • Become a Tutor
  • About
  • Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
BiTree

Live coding lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Search For Lessons
  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Become a Tutor
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 BiTree. All rights reserved.
Curriculum/Cybersecurity/Cryptography/Key Exchange and Digital Signatures
40 minIntermediate

Key Exchange and Digital Signatures

After this lesson, you will be able to: Explain how Diffie-Hellman and ECDH let two parties agree on a shared secret over an insecure channel, and how digital signatures prove authenticity and integrity.

Two foundational uses of asymmetric math: agreeing on a shared secret without sending it, and signing data so anyone can verify who created it and that it is unchanged. This lesson covers Diffie-Hellman and ECDH key exchange and digital signatures (RSA and ECDSA).

Prerequisites:Asymmetric Encryption: RSA and ECC

The key exchange problem

Symmetric encryption needs both sides to share a key, but how do you share a key over a channel an attacker is watching? Diffie-Hellman solves this: both parties exchange public values, each combines the other's public value with their own private value, and they arrive at the same shared secret, which an eavesdropper cannot compute from the public values alone. The secret is never transmitted; it is independently derived on both ends.

Diffie-Hellman and ECDH

Classic Diffie-Hellman works over large prime fields; ECDH (Elliptic Curve Diffie-Hellman) does the same over elliptic curves with smaller keys and better performance, so it dominates modern protocols. Ephemeral variants (DHE, ECDHE) generate fresh keys per session, providing forward secrecy: even if the server's long-term private key is later stolen, past sessions cannot be decrypted because their ephemeral keys are gone. TLS 1.3 mandates this.

Digital signatures

A digital signature proves two things: authenticity (who created this) and integrity (it has not changed). The signer hashes the data and encrypts the hash with their private key; anyone can verify by decrypting the signature with the signer's public key and comparing it to their own hash of the data. RSA and ECDSA (and Ed25519) are the common signing algorithms. Signatures are how software updates, certificates, and signed commits prove their origin.

Signing and verifying (conceptual flow)

The pattern: hash, sign with private key, verify with public key.

tsx
// Signer
const hash = sha256(document);
const signature = signWithPrivateKey(hash, signerPrivateKey);
// distribute: document + signature + signerPublicKey (or a cert chain)


// Verifier
const expected = sha256(document);
const ok = verifyWithPublicKey(signature, expected, signerPublicKey);
// ok === true  -> authentic AND unmodified
// ok === false -> wrong signer OR the document was tampered with
Quick Check

What does forward secrecy (ephemeral key exchange) guarantee?

Pick one.

Common mistakes only experienced engineers catch

Confusing key exchange (agree on a secret) with encryption (use it). Using static (non-ephemeral) keys and losing forward secrecy. Signing the raw data without hashing first for large inputs. Verifying a signature but not checking the signer's certificate chain (a valid signature from the wrong key is worthless). Reusing nonces in ECDSA, which can leak the private key (the PlayStation 3 break). Assuming a signature provides confidentiality (it does not encrypt).

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Hash Functions and HMAC
Back to Cryptography
TLS in Depth→