The Diffie-Hellman key exchange procedure

A and B are communicating. C hears everything A and B say. A and B want to agree on a number, without C knowing what the number is. It may be, for example, that A and B plan to use the number as the key for future encoded messages. The procedure (also often called a protocol):

A and B agree on a (large) prime $p$ and a primitive root $a$. These numbers are also known to C. A secretly chooses a (large) number $X_1$, B secretly chooses $X_2$. $a^{X_1}$ and $a^{X_2}$ mod $p$ are publicly announced (hence known to C). The secret number will be $S=a^{X_1X_2}$ mod $p$.

$$\hbox{A calulates }S{\equiv}\left(a^{X_2}\right)^{X_1}\qquad \hbox{B calculates }S{\equiv}\left(a^{X_1}\right)^{X_2}$$

A possible drawback to this system is that neither A nor B controls what $S$ is. If $S$ is not a satisfactory number, they may have to repeat the protocol.

Diffie and Hellman suggest the procedure can also be used in a situation in which $n$ people must find, for each pair of people, an agreed-upon number. For $1\le i,j\le n$ the number is $a^{X_iX_j}$.