CRYPTOGRAPHY AND NETWORK SECURITY

1. a) Describe the various Security Services.

Confidentiality:The principle specifies that only the sender and receiver will be able to access the
information shared between them. Confidentiality compromises if an unauthorized person is able to access a
message.
Authentication:
Authentication is the mechanism to identify the user or system or the entity. It ensures the identity of the
person trying to access the information.The authentication is mostly secured by using username and
password.The authorized person whose identity is pre registered can prove his/her identity and can access the
sensitive information.
Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the content of the message
is changed after the sender sends it but before reaching the intended receiver, then it is said that the integrity
of the message is lost.
Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent through a network. In
some cases the sender sends the message and later denies it. But the non-repudiation does not allow the
sender to refuse the receiver.
Access control:
The principle of access control is determined by role management and rule management. Role management
determines who should access the data while rule management determines up to what extent one can access
the data.
Availability:
The principle of availability states that the resources will be available to authorize parties at all times.
Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of
information to satisfy the user request.
b) Describe the various Security Attacks.
SECURITY ATTACK
any action that compromises the security of information owned by an organization.(often threat &
attack used to mean same thing)
generic types of attacks

● Passive
● Active
 Passive Attack:A Passive attack attempts to learn or make use of information from the system but does not
affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring of transmission.

The release of message content –

Telephonic conversation, an electronic mail message or a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of these transmissions.

Traffic analysis –
Suppose that we had a way of masking (encryption) of information, so that the attacker, even if captured the
message, could not extract any information from the message.
The opponent could determine the location and identity of the communicating host and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.

Active Attack
Masquerade –Masquerade attack takes place when one entity pretends to be a different entity. A Masquerade
attack involves one of the other forms of active attacks.

Modification of messages –
It means that some portion of a message is altered or that message is delayed or reordered to produce an
unauthorized effect. For example, a message meaning “Allow JOHN to read confidential file X” is modified as
“Allow Smith to read confidential file X”.
Repudiation –
This attack is done by either sender or receiver. The sender or receiver can deny later that he/she has send or
receive a message. For example, customer ask his Bank “To transfer an amount to someone” and later on the
sender(customer) deny that he had made such a request. This is repudiation.

Replay –It involves the passive capture of a message and its subsequent the transmission to produce an
authorized effect.

Denial of Service –It prevents normal use of communication facilities. This attack may have a specific target.
For example, an entity may suppress all messages directed to a particular destination. Another form of service
denial is the disruption of an entire network wither by disabling the network or by overloading it by messages
so as to degrade performance.
 2. a)Explain the following
i) Cryptography
Cryptography is the science of protecting information by transforming it into a secure format.
This process, called encryption, has been used for centuries to prevent handwritten messages
from being read by unintended recipients. Today, cryptography is used to protect digital data.
It is a division of computer science that focuses on transforming data into formats that cannot
be recognized by unauthorized users.
An example of basic cryptography is a encrypted message in which letters are replaced with
other characters. To decode the encrypted contents, you would need a grid or table that
defines how the letters are transposed. For example, the translation grid below could be used
to decode "1234125678906" as "techterms.com".
t 6 m

2 e 7 s

3 c 8 .

4 h 9 c

5 r 0 o

ii) Cryptanalysis
Cryptanalysis is the art of trying to decrypt the encrypted messages without using the key that was used to encrypt
the messages. Cryptanalysis uses mathematical analysis and algorithms to decipher the ciphers. It is used to breach
security systems to gain access to encrypted content and messages even if the cryptographic key is unknown.
The success of cryptanalysis attacks depends
● Amount of time available
● Computing power available
● Storage capacity available
The following is a list of the commonly used Cryptanalysis attacks;
● Brute force attack– this type of attack uses algorithms that try to guess all the possible logical combinations
of the plaintext which are then ciphered and compared against the original cipher.
● Dictionary attack– this type of attack uses a wordlist in order to find a match of either the plaintext or key. It
is mostly used when trying to crack encrypted passwords.
● Rainbow table attack– this type of attack compares the cipher text against pre-computed hashes to find
matches.
iii) steganography
Steganography is a method in which a secret message is hidden in a cover media. Steganography means
covered writing. Steganography is the idea to prevent secret information by creating suspicion. Steganography
is less popular than Cryptography. In steganography, structure of data is not usually altered.
The forms of steganography are:
1. Text
2. Audio
3. Video
4. Images
5. Network or Protocol
 b) What are the Techniques used in cryptography? Explain one Technique with example
Cryptography is used in many applications like banking transactions cards, computer passwords, and
e- commerce transactions.

Three types of cryptographic techniques used in general.

1. Symmetric-key cryptography
2. Hash functions.
3. Public-key cryptography
4.Asymmetric-key cryptography

Symmetric Cryptography:In symmetric cryptography a single key is used for encrypting and decrypting the
data. This encryption key is a private key. This is the limitation of this encryption technique that this private key
must be distributed only among the authorized sender and receiver.

Two kinds of symmetrical encryption algorithms are available:

A) Block Algorithm:The set of bits is encoded with a specific secret key in electronic data blocks. The system keeps

the data in its memory while it is waiting to get complete blocks when the data is encrypted. Some important Block

cipher algorithms are DES, Triple DES, AES, etc.

B) Stream Cipher Algorithm:In this, Plain text numbers or characters are combined with a pseudorandom cipher

digit stream. Some important Stream cipher algorithms are RC4, A5, BLOWFISH, etc. In symmetric key encryption,

The encryption code can be cracked if someone finds out the symmetric key. But this problem can be overcome with

the Diffie-Hellman algorithm. In the Diffie-Hellman key exchange or agreement algorithm, the sender and receiver

must agree on a symmetric key using this technique. This key can then be used for encryption or decryption

purposes.
Asymmetric Cryptography:In asymmetric cryptography a pair of keys, i.e., public key and private key is used for

encryption and decryption. A sender can use its public key to encrypt the data and on receiver end receiver

can decrypt the data by using its private key. This technique overcomes the problem of key distribution.

Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-Key

Cryptography two related keys (public and private key) are used. Public key may be freely distributed, while its

paired private key remains a secret. The public key is used for encryption and for decryption private key is

used.

Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain text

that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by

many operating systems to encrypt passwords.

3. a)What are the principles of CipherBlock

Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of rounds and
keys for generating ciphertext. For defining the complexity level of an algorithm few design principles are to be
considered.
Block Cipher Principles

A block cipher is designed by considering its three critical aspects which are listed as below:

Number of Rounds –
The number of Rounds is regularly considered in design criteria, it just reflects the number of rounds to be
suitable for an algorithm to make it more complex, in DES we have 16 rounds ensuring it to be more secure
while in AES we have 10 rounds which makes it more secure.Ge

Design of function F –
The core part of the Feistel Block cipher structure is the Round Function. The complexity of cryptanalysis can
be derived from the Round function i.e. the increasing level of complexity for the round function would be
greatly contributing to an increase in complexity.
To increase the complexity of the round function, the avalanche effect is also included in the round function, as
the change of a single bit in plain text would produce a mischievous output due to the presence of avalanche
effect.

Key schedule algorithm –

In Feistel Block cipher structure, each round would generate a sub-key for increasing the complexity of
cryptanalysis. The Avalanche effect makes it more complex in deriving sub-key. Decryption must be done very
carefully to get the actual output as the avalanche effect is present in it.

b)Explain DES algorithm

Data Encryption Standard (DES) is a block cipher algorithm that takes plain text in blocks of 64 bits and
converts them to ciphertext using keys of 48 bits. It is a symmetric key algorithm, which means that the
same key is used for encrypting and decrypting ​data.

Steps for generating keys

There are 16 rounds of encryption in the algorithm, and a different key is used for each round. How​keys
are generated is listed below.Bits are labeled from 1 to 64 starting from the most significant bit and going to
the least significant bit.

1. Compress and transpose the given 64-bit key into a 48-bit key using the following table:

10

11

// The array elements denote the bit numbers

int pc1[56] = {

57,49,41,33,25,17,9,

1,58,50,42,34,26,18,

10,2,59,51,43,35,27,

19,11,3,60,52,44,36,

63,55,47,39,31,23,15,

7,62,54,46,38,30,22,

14,6,61,53,45,37,29,

21,13,5,28,20,12,4

};

PC-1 table

2. Divide the result into two equal parts: C and D.

 3. C and D are left-shifted circularly. For encryption rounds 1, 2, 9, and 16 they are left shifted
circularly by 1 bit; for all of the other rounds, they are left-circularly shifted by 2.
4. The result is compressed to 48 bits in accordance with the following rule:

10

int pc2[48] = {

14,17,11,24,1,5,

3,28,15,6,21,10,

23,19,12,4,26,8,

16,7,27,20,13,2,

41,52,31,37,47,55,

30,40,51,45,33,48,

44,49,39,56,34,53,

46,42,50,36,29,32

};

PC-2 table

5. The result of step 3 is the input for the next round of key generation.

Steps for encryption

1. Transpose the bits in the 64-block according to the following:

2
 3

10

11

12

// 58 means that the 58th bit should be considered

// the first bit, 50th bit the second bit and so on.

int initial_permutation_table[64] = {

58,50,42,34,26,18,10,2,

60,52,44,36,28,20,12,4,

62,54,46,38,30,22,14,6,

64,56,48,40,32,24,16,8,

57,49,41,33,25,17,9,1,

59,51,43,35,27,19,11,3,

61,53,45,37,29,21,13,5,

63,55,47,39,31,23,15,7

};

The initial permutation table

2. Divide the result into equal parts: left plain text (1-32 bits) and right plain text (33-64 bits)
3. The resulting parts undergo 16 rounds of encryption in each round.

The right plain text is expanded using the following expansion table:

2
 3

// The array elements denote the bit numbers

int expansion_table[48] = {

32,1,2,3,4,5,4,5,

6,7,8,9,8,9,10,11,

12,13,12,13,14,15,16,17,

16,17,18,19,20,21,20,21,

22,23,24,25,24,25,26,27,

28,29,28,29,30,31,32,1

};

The expansion table

4. The expanded right plain text now consists of 48 bits and is XORed with the 48-bit key.
5. The result of the previous step is divided into 8 boxes. Each box contains 6 bits. After going
through the eight substitution boxes, each box is reduced from 6 bits to 4 bits. The first and last bit
of each box provides the row index, and the remaining bits provide the column index. These
indices are used to look-up values in a substitution box. A substitution box has 4 rows, 16 columns,
and contains numbers from 0 to 15.
6. The result is transposed in accordance with the following rule:​

7
// The array elements denote the bit numbers

int permutation_table[32] = {

16,7,20,21,29,12,28,17,

1,15,23,26,5,18,31,10,

2,8,24,14,32,27,3,9,

19,13,30,6,22,11,4,25

};

The permutation table

7. XOR the left half with the result from the above step. Store this in the right plain text.
8. Store the initial right plain text in the left plain text.
9. These halves are inputs for the next round. Remember that there are different keys for each
round.
10. After the 16 rounds of encryption, swap the left plain text and the right plain text.
11. Finally, apply the inverse permutation (inverse of the initial permutation), ​and the ciphertext will
be generated.

Steps for decryption:The order of the 16 48-bit keys is reversed such that key 16 becomes key 1, and so on. Then,
the steps for encryption are applied to the ciphertext.

4. a)In how many ways the secret Key Distribution can be done
KEY- it is a piece of information,usually a string of numbers or letters that are stored in a file, which,
when processed through a cryptographic algorithm,can encode or decode cryptographic data.
Several techniques have been proposed for the distribution of public keys, which can mostly be grouped
into the categories shown.
Distribution of Secret Keys
Once public keys have been distributed or have become accessible, secure communication that thwarts
eavesdropping, tampering, or both, is possible. However, few users will wish to make exclusive use of
public-key encryption for communication because of the relatively slow data rates that can be achieved.
Accordingly, public-key encryption provides for the distribution of secret keys to be used for conventional
encryption
WAYS-
Simple Secret Key Distribution :by Merkle in 1979
:

– A generates a new temporary public key pair

– A sends B the public key and their identity
– B generates a session key K sends it to A encrypted using the supplied public key
– A decrypts the session key and both use
• problem is that an opponent can intercept and impersonate both halves of protocol
 Diffie –Hellman Key exchange:
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the exposition of public key concepts
– note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
• is a practical method for public exchange of a secret key
• used in a number of commercial products
(for further understanding read answer 4(b)
b)Explain Diffie –Hellman Key exchange
The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for
secret communications while exchanging data over a public network using the elliptic curve to
generate points and get the secret key using the parameters. 
For the sake of simplicity and practical implementation of the algorithm, we will consider only 4
variables, one prime P and G (a primitive root of P) and two private values a and b.
P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a and b and
they generate a key and exchange it publicly. The opposite person receives the key and that generates
a secret key, after which they have the same secret key to encrypt.
Step by Step Explanation 
Alice:Public Keys available = P, G
Private Key Selected = a
Key generated = x=G^amodP
Exchange of generated keys takes place
Key received = y
Generated Secret Key = ka=y^amodP
Bob:Public Keys available = P, G
Private Key Selected = b
Key generated = y=G^bmodP
Exchange of generated keys takes place
 Key received = x
Generated Secret Key = kb=x^bmodP
Algebraically, it can be shown that ka=kb
Users now have a symmetric secret key to encrypt
Example: 
Step 1: Alice and Bob get public numbers P = 23, G = 9
Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3
Step 3: Alice and Bob compute public values Alice: x =(9^4 mod 23) = (6561 mod 23) = 6
Bob: y =(9^3 mod 23) = (729 mod 23) = 16
Step 4: Alice and Bob exchange public numbers
Step 5: Alice receives public key y =16 and Bob receives public key x = 6
Step 6: Alice and Bob compute symmetric keys
Alice: ka = y^a mod p = 65536 mod 23 = 9 Bob: kb = x^b mod p = 216 mod 23 = 9
Step 7: 9 is the shared secret.
5. a)In how many ways the secret Key Distribution can be done
KEY- it is a piece of information,usually a string of numbers or letters that are stored in a file, which, when
processed through a cryptographic algorithm,can encode or decode cryptographic data.
Several techniques have been proposed for the distribution of public keys, which can mostly be grouped
into the categories shown.
Distribution of Secret Keys
Once public keys have been distributed or have become accessible, secure communication that thwarts
eavesdropping, tampering, or both, is possible. However, few users will wish to make exclusive use of
public-key encryption for communication because of the relatively slow data rates that can be achieved.
Accordingly, public-key encryption provides for the distribution of secret keys to be used for conventional
encryption
WAYS-
Simple Secret Key Distribution :by Merkle in 1979
:

– A generates a new temporary public key pair

– A sends B the public key and their identity
– B generates a session key K sends it to A encrypted using the supplied public key
– A decrypts the session key and both use
• problem is that an opponent can intercept and impersonate both halves of protocol
 Diffie –Hellman Key exchange:
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the exposition of public key concepts
– note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
• is a practical method for public exchange of a secret key
• used in a number of commercial products
(for further understanding read answer 4(b)
b)Explain RSA algorithm
RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on
two different keys i.e. Public Key and Private Key. As the name describes, the Public Key is given to
everyone and the Private key is kept private.
An example of asymmetric cryptography :
-A client (for example browser) sends its public key to the server and requests for some data.
-The server encrypts the data using the client's public key and sends the encrypted data.
-Client receives this data and decrypts it

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public
key consists of two numbers where one number is multiplication of two large prime numbers. And
private keys are also derived from the same two prime numbers. So if somebody can factorize the
large number, the private key is compromised. Therefore encryption strength totally lies on the key size
and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys can
be typically 1024 or 2048 bits long, but experts believe that 1024 bit keys could be broken in the near
future. But till now it seems to be an infeasible task.

Let us learn the mechanism behind RSA algorithm :

>> Generating Public Key :
Select two prime no's. Suppose P = 53 and Q = 59.
Now First part of the Public key : n = P*Q = 3127.
We also need a small exponent say e : But e Must be An integer.Not be a factor of n.
1 < e < Φ(n) [Φ(n) is discussed below], Let us now consider it to be equal to 3.
Our Public Key is made of n and e
>> Generating Private Key :
We need to calculate Φ(n) : Such that Φ(n) = (P-1)(Q-1) so, Φ(n) = 3016
Now calculate Private Key, d : d = (k*Φ(n) + 1) / e for some integer k For k = 2, value of d is 2011.
Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d = 2011)
Now we will encrypt “HI” :
 Convert letters to numbers : H = 8 and I = 9
Thus Encrypted Data c = 89e mod n. Thus our Encrypted Data comes out to be 1394
Now we will decrypt 1394 :
Decrypted Data = cd mod n. Thus our Encrypted Data comes out to be 898 = H and I = 9 i.e. "HI".
6. Explain BLOWFISH Algorithm with Neat Diagram.
Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to DES Encryption
Technique..
.blockSize: 64-bits,keySize: 32-bits to 448-bits variable size,number of subkeys: 18 [P-array],number of rounds:
16,number of substitution boxes: 4 [each having 512 entries of 32-bits each]

Blowfish Encryption Algorithm:The entire encryption process can be elaborated as:

Step1: Generation of subkeys:

● 18 subkeys{P[0]…P[17]} are needed in both encryption as well as decryption process and the
same subkeys are used for both the processes.
● These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
● It is initialized with the digits of pi(?).
● The hexadecimal representation of each of the subkeys is given by:

P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"

● Now each of the subkey is changed with respect to the input key as:

P[0] = P[0] xor 1st 32-bits of input key

P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)

The resultant P-array holds 18 subkeys that is used during the entire encryption process

Step2: initialise Substitution Boxes:

● 4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption as well as decryption process with
each S-box having 256 entries{S[i][0]…S[i][255], 0&lei&le4} where each entry is 32-bit.
● It is initialized with the digits of pi(?) after initializing the P-array. You may find the s-boxes in here!

Step3: Encryption:
 ● The encryption function consists of two parts:
a. Rounds: The encryption consists of 16 rounds with each round(Ri) taking inputs the plainText(P.T.) from the
previous round and corresponding subkey(Pi). The description of each round is as follows:

The description of the function ” F ” is as follows:

Here the function “add” is addition modulo 2^32.

b. Post-processing: The output after the 16 rounds is processed as follows:
7. Give the comparison between Symmetric key and Asymmetric key Cryptography.
 8. Explain the Block modes of operation with diagram
Block cipher is an encryption algorithm that takes a fixed size of input say b bits and produces a ciphertext of b
bits again. If the input is larger than b bits it can be divided further. For different applications and uses, there
are several modes of operations for a block cipher.
1. ECB Mode: ECB mode stands for Electronic Code Block Mode. It is one of the simplest modes of operation. In this
mode, the plain text is divided into a block where each block is 64 bits. Then each block is encrypted separately. The
same key is used for the encryption of all blocks. Each block is encrypted using the key and makes the block of
ciphertext.
At the receiver side, the data is divided into a block, each of 64 bits. The same key which is used for encryption is
used for decryption. It takes the 64-bit ciphertext and, by using the key, converts the ciphertext into plain text.
As the same key is used for all blocks’ encryption, if the block of plain text is repeated in the original message, then
the ciphertext’s corresponding block will also repeat. As the same key is used for all blocks, to avoid the repetition of
block ECB mode is used for an only small message where the repetition of the plain text block is less.

2. CBC Mode: CBC Mode stands for Cipher block Mode at the sender side; the plain text is divided into blocks. In
this mode, IV(Initialization Vector) is used, which can be a random block of text. IV is used to make the ciphertext of
each block unique.
The first block of plain text and IV is combined using the XOR operation and then encrypted the resultant message
using the key and form the first block of ciphertext. The first block of ciphertext is used as IV for the second block of
plain text. The same procedure will be followed for all blocks of plain text.
At the receiver side, the ciphertext is divided into blocks. The first block ciphertext is decrypted using the same key,
which is used for encryption. The decrypted result will be XOR with the IV and form the first block of plain text. The
second block of ciphertext is also decrypted using the same key, and the result of the decryption will be XOR with
the first block of ciphertext and form the second block of plain text. The same procedure is used for all the blocks.
CBC Mode ensures that if the block of plain text is repeated in the original message, it will produce a different
ciphertext for corresponding blocks.
3. CFB Mode: CFB mode stands for Cipher Feedback Mode. In this mode, the data is encrypted in the form of units
where each unit is of 8 bits.
Like cipher block chaining mode, IV is initialized. The IV is kept in the shift register. It is encrypted using the key and
forms the ciphertext.
Now the leftmost j bits of the encrypted IV is XOR with the plain text’s first j bits. This process will form the first part
of the ciphertext, and this ciphertext will be transmitted to the receiver.
Now the bits of IV are shifted left by j bits. Therefore the rightmost j position of the shift register now has
unpredictable data. These rightmost j positions are now filled with the ciphertext. The process will be repeated for
all plain text units.

4. OFB Mode: OFB Mode stands for output feedback Mode. OFB mode is similar to CDB mode; the only difference is
in CFB, the ciphertext is used for the next stage of the encryption process, whereas in OFB, the output of the IV
encryption is used for the next stage of the encryption process.
The IV is encrypted using the key and forms an encrypted IV. Plain text and the leftmost 8 bits of encrypted IV are
combined using XOR and produce the ciphertext.
For the next stage, the ciphertext, which is the form in the previous stage, is used as an IV for the next iteration. The
same procedure is followed for all blocks.

5. CTR Mode: CTR Mode stands for counter mode. As the name is counter, it uses the sequence of
numbers as an input for the algorithm. When the block is encrypted, to fill the next register the next
counter value is used.
For encryption, the first counter is encrypted using a key, and then the plain text is XOR with the
encrypted result to form the ciphertext.
The counter will be incremented by 1 for the next stage, and the same procedure will be followed for all
blocks. For decryption, the same sequence will be used. Here to convert ciphertext into plain text, each
ciphertext is XOR with the encrypted counter. For the next stage, the counter will be incremented by the
same will be repeated for all Ciphertext blocks.
 9. Apply RSA algorithm to generate the RSA Key for p=7 and q=11 and explain RSA Algorithm.
(please check answer 5(b) to understand this example)
Example, p = 7, q = 11
• n=pxq = 77 and (p - 1)(q - 1) = 60
• Pick a value of e that is relatively prime of 60, e = 7
• d= 7-¹ mod ((7-1) x (11-1))
7d = 1mod60, we have d = 43
• Public key <e,n> = <7,77>
Private key <d,n> = <43,77>
• A message = 9
• c = m² mod n = 9 ^ 7 * r mod 77 = 37
• m = cd mod n = 37 ^ 43 mod 77= 9
10. Explain Diffie-Hellman key exchange algorithm and generate common keys shared by Alice
and Bod with p=23 and g=5.
Step by Step Explanation 
Alice:Public Keys available = P, G
Private Key Selected = a
Key generated = x=G^amodP
Exchange of generated keys takes place
Key received = y
Generated Secret Key = ka=y^amodP
Bob:Public Keys available = P, G
Private Key Selected = b
Key generated = y=G^bmodP
Exchange of generated keys takes place
Key received = x
Generated Secret Key = kb=x^bmodP
Algebraically, it can be shown that ka=kb
Users now have a symmetric secret key to encrypt
Example: 
Step 1: Alice and Bob get public numbers P = 23, G = 5
Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3
Step 3: Alice and Bob compute public values Alice: x =(5^4 mod 23) = (625 mod 23) = 4
Bob: y =(5^3 mod 23) = (125 mod 23) = 10
Step 4: Alice and Bob exchange public numbers
Step 5: Alice receives public key y =10 and Bob receives public key x = 4
Step 6: Alice and Bob compute symmetric keys
Alice: ka = y^a mod p = 10000 mod 23 = 18 Bob: kb = x^b mod p = 64 mod 23 = 18
Step 7: ka=kb
18 is the shared secret.