Numbers in a finite group
shared = g^(ab)Alice applies her secret exponent to Bob's public value. Bob does the symmetric calculation.
Diffie-Hellman comparison
Read blogOne hidden product, three algebraic worlds.
These systems preserve the hidden scalar relationship a * b. The operations and public inputs are visible, but a, b, and the raw product a * b remain private. What changes is the encoded result: g^(ab), abP, or e(P,Q)^(ab), and who is meant to compute it.
Public
operator, g/P/Q, public keysPrivate
a, b, raw a * bEncoded result
DH/ECDH: private to Alice and Bob; pairing: often publicPoints on an elliptic curve
shared = abPThe same hidden product appears as scalar multiplication of a public base point.
Public map into GT
shared-like value = e(P,Q)^(ab)The result moves into a target group, and public keys can often be combined publicly.
Hash a secp256k1 public key
Base58Check(0x00 || HASH160(pubkey))Legacy P2PKH addresses use SHA-256, RIPEMD-160, a version byte, and a checksum.
Take the last 20 bytes
last20(Keccak256(pubkey_x || pubkey_y))Ethereum hashes the uncompressed secp256k1 public key without the leading 0x04 byte.
Comparison matrix
Same hidden product, different algebraic worlds.
| System | Protocol shape | Public starting object | Private input(s) | Public output(s) | Calculation | Result | Main algebra or hash rule | Where result lives | Typical use |
|---|---|---|---|---|---|---|---|---|---|
| Ordinary Diffie-Hellman | Two-party key agreement | Generator number g | Alice secret a and Bob secret b | Alice publishes g^a; Bob publishes g^b | Alice computes (g^b)^a; Bob computes (g^a)^b | g^(ab) | (g^a)^b = g^(ab) | Number/group element | Older finite-field DH |
| Elliptic-Curve Diffie-Hellman / X25519 | Two-party key agreement | Public curve point P | Alice secret a and Bob secret b | Alice publishes aP; Bob publishes bP | Alice computes a(bP); Bob computes b(aP) | abP | a(bP) = abP | Elliptic-curve point | Modern secure connections |
| Pairing version | Public pairing relation or scheme-specific key/proof check | Two public curve points, often P in G1 and Q in G2 | Scheme scalars such as a and b | Could publish aP and bQ, depending on scheme | Often compute e(aP, bQ) | e(P,Q)^(ab) | e(aP,bQ) = e(P,Q)^(ab) | Target group element, usually written GT | Identity-based crypto, BLS signatures, zk-SNARKs |
| Bitcoin key/address | Single-account key pair and address derivation | secp256k1 generator point G | One account private scalar k | Public key K = kG, usually compressed for P2PKH | HASH160(compressed public key), then Base58Check | Bitcoin address, for example P2PKH | address = Base58Check(0x00 || RIPEMD160(SHA256(K))) | Base58Check address string | Receiving funds and identifying spend conditions |
| Ethereum key/address | Single-account key pair and address derivation | secp256k1 generator point G | One account private scalar k | Uncompressed public key K = kG = 0x04 || x || y | Keccak256(x || y), then take the last 20 bytes | Ethereum account address | address = last20(Keccak256(public_key_without_04)) | 20-byte address, usually hex with optional EIP-55 checksum casing | Account identity for balances, transactions, and contracts |
Intentional capability
Pairings do not reveal the ECDH shared point.
In ordinary ECDH, an outsider seeing P, aP, and bP should not derive abP. In a pairing-friendly setting, a public observer may compute e(aP,bQ). That reveals a related target-group value, not a, b, or abP.
| Technology | What it intentionally lets you do |
|---|---|
| X25519 | Only Alice and Bob derive abP |
| Pairings | Publicly combine points into e(P,Q)^(ab) |
| BLS signatures | Verify a signature relation with pairings |
| zk-SNARKs | Verify algebraic proof relations efficiently |
| Identity-based encryption | Derive public keys from identities such as an email address |