Key-agreement protocol

In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that all of them influence the outcome. If properly done, this precludes undesired third parties from forcing a key choice on the agreeing parties. Protocols that are useful in practice also do not reveal to any eavesdropping party what key has been agreed upon.

Exponential key exchange

The first publicly known public-key agreement protocol that meets the above criteria was the Diffie-Hellman exponential key exchange, in which each party raises a public generator to a secret random exponent, the two exchange the results, and each combines the peer's value with its own exponent; both arrive at the same value, which an eavesdropper who sees only the exchanged values cannot feasibly compute. (See Diffie-Hellman for a more complete history of both the secret and public development of public-key cryptography.)

However, exponential key exchange in and of itself does not specify any prior agreement or subsequent authentication between the participants. It has thus been described as an anonymous key agreement protocol.

Authentication

Anonymous key exchange, like Diffie-Hellman, does not provide authentication of the parties and is thus vulnerable to man-in-the-middle (MITM) attacks: an attacker who can modify traffic runs one exchange with each party, ends up holding a key with each of them, and relays and reads the traffic in between while both believe they are talking to each other.

A wide variety of cryptographic authentication schemes and protocols have been developed to provide authenticated key agreement to prevent man-in-the-middle and related attacks. These methods generally mathematically bind the agreed key to other agreed-upon data, such as the following:
* Public/private key pairs
* Shared secret keys
* Passwords

Public keys

A widely used mechanism for defeating such attacks is the use of digitally signed keys that must be integrity-assured: if Bob's key is signed by a trusted third party vouching for his identity, Alice can have considerable confidence that a signed key she receives is not an attempt by Eve to intercept. When Alice and Bob have a public-key infrastructure, they may digitally sign the agreed Diffie-Hellman key, or the exchanged Diffie-Hellman public values. Such signed keys, sometimes signed by a certificate authority, are one of the primary mechanisms used for secure web traffic (HTTPS over SSL/TLS). Other specific examples are MQV and the ISAKMP component of the IPsec protocol suite for securing Internet Protocol communications. However, these systems only work if the certificate authorities take care that each public key they certify is bound to the correct identity: a signature proves that the holder of some private key endorsed the Diffie-Hellman value, and the certificate is what ties that private key to Bob.
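As an added example (not code from the original article), the following Go program runs the two exchanges described above side by side: the anonymous Diffie-Hellman of the "Exponential key exchange" section, which an active attacker "Eve" subverts by completing one exchange with each party, and the signed variant of this section, in which each party signs its Diffie-Hellman public value with a long-term Ed25519 key that the peer is assumed to trust already (in practice, from a certificate). X25519 from Go's standard library (Go 1.20 or later) stands in for classic finite-field exponentiation; the one-message "hello" format, the "demo-dh-v1" label, the SHA-256 key derivation and the names are this example's illustrative choices, not any standard.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hello: the one message each side sends, an ephemeral X25519 public value plus,
// in the signed variant, an Ed25519 signature over it (nil otherwise).
type hello struct{ dh, sig []byte }

// party: a fresh ephemeral DH key and, optionally, a long-term Ed25519 key pair
// whose public half the peer is assumed to trust already (e.g. via a certificate).
type party struct {
	eph      *ecdh.PrivateKey
	signPub  ed25519.PublicKey // nil => anonymous (unsigned) exchange
	signPriv ed25519.PrivateKey
}

func newParty(authenticated bool) *party {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	p := &party{eph: eph}
	if authenticated && err == nil {
		p.signPub, p.signPriv, err = ed25519.GenerateKey(rand.Reader)
	}
	if err != nil {
		panic(err) // no usable entropy source: nothing sensible to do
	}
	return p
}

func (p *party) sendHello() hello {
	h := hello{dh: p.eph.PublicKey().Bytes()}
	if p.signPriv != nil {
		h.sig = ed25519.Sign(p.signPriv, h.dh)
	}
	return h
}

// finish checks the peer's value against the long-term key it should be signed with
// (nil: anonymous, so anyone may stand in for the peer), then derives the session
// key bound to both DH values in initiator/responder order.
func (p *party) finish(peer hello, peerSignPub ed25519.PublicKey, initiator bool) (key [32]byte, err error) {
	if peerSignPub != nil && !ed25519.Verify(peerSignPub, peer.dh, peer.sig) {
		return key, fmt.Errorf("peer DH value not signed by the expected long-term key")
	}
	pub, err := ecdh.X25519().NewPublicKey(peer.dh)
	if err != nil {
		return key, err
	}
	shared, err := p.eph.ECDH(pub)
	if err != nil {
		return key, err
	}
	first, second := p.eph.PublicKey().Bytes(), peer.dh
	if !initiator {
		first, second = second, first
	}
	h := sha256.New() // stands in for a real KDF such as HKDF
	for _, part := range [][]byte{[]byte("demo-dh-v1"), shared, first, second} {
		h.Write(part)
	}
	copy(key[:], h.Sum(nil))
	return key, nil
}

// outcome records each participant's result; the eve* keys are zero when Eve is absent.
type outcome struct {
	alice, bob, eveWithAlice, eveWithBob [32]byte
	err                                  error // set when a side rejects its peer
}

// run performs one exchange; with eve=true an active attacker on the wire replaces
// each side's DH value with her own and completes both halves herself.
func run(authenticated, eve bool) (out outcome) {
	alice, bob, e := newParty(authenticated), newParty(authenticated), newParty(false)
	aHello, bHello := alice.sendHello(), bob.sendHello()
	toBob, toAlice := aHello, bHello
	if eve { // Eve has no trusted signing key, so the old signatures no longer match
		toBob = hello{dh: e.eph.PublicKey().Bytes(), sig: aHello.sig}
		toAlice = hello{dh: e.eph.PublicKey().Bytes(), sig: bHello.sig}
	}
	if out.alice, out.err = alice.finish(toAlice, bob.signPub, true); out.err != nil {
		return out
	}
	if out.bob, out.err = bob.finish(toBob, alice.signPub, false); out.err != nil {
		return out
	}
	if eve { // Eve finishes each half as the respective peer, verifying nothing
		out.eveWithAlice, _ = e.finish(aHello, nil, false)
		out.eveWithBob, _ = e.finish(bHello, nil, true)
	}
	return out
}

func main() {
	for _, c := range [][2]bool{{false, false}, {false, true}, {true, false}, {true, true}} {
		o := run(c[0], c[1])
		fmt.Printf("signed=%-5t eve=%-5t err=%v alice==bob=%t eve_has_both=%t\n", c[0], c[1], o.err, o.alice == o.bob, c[1] && o.alice == o.eveWithAlice && o.bob == o.eveWithBob)
	}
}
```

Two design points worth noticing. In the anonymous run with Eve present, neither Alice nor Bob gets an error: each holds a perfectly good key, it is just shared with Eve rather than with each other, which is exactly why the exchange alone proves nothing about who is on the other end. In the signed run, Eve can forward Bob's original signature but cannot make it cover her own DH value, so Alice's verification fails; note that the signature only helps because Alice checks it against a long-term key she already trusts as Bob's, which is the role the certificate authority plays above. The derived key is also hashed together with both exchanged values, so two parties whose views of the exchange differ in any way end up with different keys rather than silently agreeing.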

Hybrid systems

Hybrid systems use public-key cryptography to establish secret keys, which are then used in a symmetric-key cryptosystem for the bulk of the communication. Most practical applications of cryptography use a combination of cryptographic functions to implement an overall system that provides all four desirable features of secure communications (confidentiality, integrity, authentication and non-repudiation).

Passwords

Password-authenticated key agreement protocols require the separate establishment of a password (which may be much shorter than a key) in a manner that is both private and integrity-assured. These are designed to resist MITM and other active attacks on the password and the established keys, so that an attacker who observes or interferes with a run learns at most whether a single password guess was right. For example, DH-EKE, SPEKE and SRP are password-authenticated variations of Diffie-Hellman.

Other tricks

If one has an integrity-assured way to verify a shared key over a public channel, one may engage in a Diffie-Hellman key exchange to derive a one-time shared key, and then subsequently authenticate that the keys match. One way is to use a voice-authenticated read-out of the key, as in PGPfone. Voice authentication, however, presumes that it is infeasible for a MITM to spoof one participant's voice to the other in real time, which may be an undesirable assumption. Such protocols may be designed so that the value the parties compare is short, a few words or digits rather than a full key. Variations on this theme have been proposed for Bluetooth pairing protocols.

In an attempt to avoid using any additional out-of-band authentication factors, Davies and Price proposed the use of the Interlock Protocol of Ron Rivest and Adi Shamir, which has been subject to both attack and subsequent refinement.

Shared secret keys

Secret-key (symmetric) cryptography requires the initial exchange of a shared key in a manner that is private and integrity-assured. When done right, a MITM attack is prevented. However, without the use of public-key cryptography, one may be left with undesirable key-management problems, since every pair of communicating parties needs its own secret key distributed in advance.


See also

* Key (cryptography)
* Computer security
* Cryptanalysis
* Secure channel
* Digital signature
* Key management
* Password-authenticated key agreement
* Interlock Protocol
* zero-knowledge password proof

Wikimedia Foundation. 2010.
