What's the difference between Diffie-Hellman and RSA?
Short answer
RSA is an asymmetric algorithm used to encrypt data or create digital signatures using a key pair. Diffie-Hellman is a key-agreement protocol that lets two parties derive a shared secret over a public channel without ever transmitting it. They solve different problems: RSA proves identity and can wrap keys; DH negotiates a session key — and its ephemeral variant gives forward secrecy.
Interviewers ask this to see whether you understand that "asymmetric crypto" is not one thing. RSA and Diffie-Hellman are both built on hard math problems and both use public values, but they were designed to do different jobs.
RSA: encryption and signatures
RSA is built on the difficulty of factoring the product of two large primes. A party generates a key pair: a public key anyone can use, and a private key only they hold. Because of that structure RSA can do two things — encrypt data so only the private-key holder can read it, and sign data so anyone can verify it came from the private-key holder and was not altered. In older TLS, RSA was also used for key transport: the client encrypted a session secret with the server's public key.
Diffie-Hellman: key agreement
Diffie-Hellman does not encrypt or sign anything. It is a protocol in which two parties each pick a private value, exchange public values derived from them, and independently compute the same shared secret — without that secret ever crossing the wire. Its security rests on the discrete logarithm problem. An eavesdropper sees the public values but cannot feasibly derive the shared secret.
Why the distinction matters
The two are complementary, which is exactly how TLS uses them: an ephemeral Diffie-Hellman exchange (DHE or, with elliptic curves, ECDHE) negotiates the session key, while an RSA (or ECDSA) signature authenticates the server so you know who you agreed with. Ephemeral DH also gives forward secrecy, because the per-session keys are discarded — capturing the server's long-term key later does not decrypt past traffic. Static RSA key transport lacks this, which is why TLS 1.3 dropped it.
What interviewers look for
State clearly that RSA can encrypt and sign while DH only agrees on a key, then connect that to TLS: DH for the session key, a signature for authentication, and ephemeral DH for forward secrecy.
Likely follow-ups
- Why does ephemeral Diffie-Hellman (DHE/ECDHE) give forward secrecy when RSA key exchange does not?
- Why did TLS 1.3 remove static RSA key exchange?
- What is the discrete logarithm problem and how does it underpin DH?