1. The original public-key algorithm. Modern cryptography starts in 1976 when Diffie and Hellman published their groundbreaking paper "New Directions in Cryptography". Contrast: Whereas RSA is based upon the mathematical problem of factoring large numbers, DH is based upon the discrete logarithm problem. Whereas RSA can be used to encrypt messages, DH can only be used for key-exchange. However, RSA is essentially only used for key-exchange in the first place. The disadvantages of DH vs. RSA are: message expansion DH encrypted messages are larger (though this isn't really an issue for key-exchange). key size Current standards (e.g. DSS) specify smaller key sizes than those supported by RSA-based standards. CPU DH based standards take processing time than RSA based equivalents (and a lot more than than elliptical curve techniques). Advantages of DH over RSA are: patents This is no longer an important issue now that RSA patents have expired, but the reason DH became popular was because it was essentially patent-free. key generation It takes a long time to generate RSA keys, so DH is a better option if keys must be generated often. key size For keys of the same size, DH is more secure. In other words, it takes longer keys for RSA to be as secure as DH. security DH is conjectured to be less likely to be broken by new developements in mathematical theory. Contrast: The most common use of Diffie-Hellman is ElGamal, a public-key encryption variant of Diffie-Hellman. The U.S. government standard DSS is based upon ElGamal. See also: RSA, public-key crypto. From Hacking-Lexicon