Key Exchange and DHKE

In cryptography **key establishment** (**key exchange**, **key negotiation**) is a process or protocol, whereby a **shared secret** becomes available to two parties, for subsequent cryptographic use, typically for encrypted communication. Establishment techniques can be **key agreement** or **key transport** schemes.

- In a **key agreement** scheme both parties contribute to the negotiation of the shared secret. Examples of key agreement schemes are Diffie-Hellman (**DHKE**) and Elliptic-Curve Diffie-Hellman (**ECDH**).
- In a **key transport** scheme only one of the parties contributes to the shared secret and the other party obtains the secret from it. Key transport schemes are typically implemented through **public-key cryptography**, e.g. in the **RSA key exchange** the client encrypts a random session key by its private key and sends it to the server, where it is decrypted using the client's public key.

By design **key exchange** schemes securely exchange cryptographic keys between two parties, in a way that no one else can obtain a copy of the keys. Typically, at the start of an **encrypted conversation** (e.g. during the **TLS handshake** phase), the parties first negotiate the encryption keys (the shared secret) to be used during the conversation. **Key exchange schemes** are a really important topic in modern cryptography, because keys are exchanged hundreds of times by millions of devices and servers on the Internet.

A **key negotiation** (**key establishment**) scheme is executed every time a laptop connects to a Wi-Fi network or a Web browser opens a Web site through the `https://` protocol. The key negotiation can be based on an anonymous key-exchange protocol (like DHKE), a password or pre-shared key (PSK), a digital certificate, or a combination of many elements together. Some communication protocols establish a shared secret key only once, while others constantly change the secret key over time.

Key Exchange / Key Agreement Algorithms

Many **cryptographic algorithms** exist for key exchange and key establishment. Some use public-key cryptosystems, others use simple key-exchange schemes (like the Diffie–Hellman Key Exchange), some involve server authentication, some involve client authentication, some use passwords, some use digital certificates or other authentication mechanisms.

Examples of key exchange schemes are: **Diffie–Hellman key exchange** (**DHKE**) and **Elliptic-curve Diffie–Hellman** (**ECDH**), **RSA-OAEP** and **RSA-KEM** (RSA key transport), **PSK** (pre-shared key), **SRP** (Secure Remote Password protocol), **FHMQV** (Fully Hashed Menezes-Qu-Vanstone), **ECMQV** (Elliptic-Curve Menezes-Qu-Vanstone) and **CECPQ1** (quantum-safe key agreement).

Let's start with the classical **Diffie–Hellman Key Exchange** (DHKE) scheme, which was one of the first public key protocols.
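To make the key agreement idea above concrete (both parties contribute a secret exponent, neither chooses the key alone), here is an added Python example, not code from the book: a plain DHKE run over a finite-field group, with the peer's public value checked before use and the raw shared secret turned into a symmetric key with an HKDF-style step. The group parameters are assumed to be the 2048-bit MODP group 14 of RFC 3526 (generator 2); check the constant against the RFC before relying on it. As the text notes, this form of DHKE is anonymous, so on its own it does not tell either party who is on the other end.

```python
import hashlib
import hmac
import secrets

# Constructed example; not the book's own code. The parameters are assumed
# to be the 2048-bit MODP group 14 from RFC 3526 (generator 2).
P_HEX = ("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
         "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
         "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
         "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
         "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
         "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
         "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
         "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF")
P = int(P_HEX, 16)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so G generates the prime-order subgroup of size Q


def generate_keypair():
    """Each party contributes its own secret exponent x and public value g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1  # secret exponent in [1, Q-1]
    return x, pow(G, x, P)


def validate_public_value(y):
    """Reject 0, 1 and p-1 (tiny subgroups) and any value outside the order-q subgroup."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


def derive_key(own_secret, peer_public, info=b"DHKE demo key"):
    """Compute the shared secret g^(ab) mod p and derive a 32-byte key from it."""
    if not validate_public_value(peer_public):
        raise ValueError("invalid peer public value")
    shared = pow(peer_public, own_secret, P)
    ikm = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    # HKDF extract-then-expand (RFC 5869) with SHA-256, a single output block
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def run_agreement():
    """Both sides contribute: the resulting key is chosen by neither party alone."""
    a, A = generate_keypair()  # Alice's secret exponent and public value
    b, B = generate_keypair()  # Bob's secret exponent and public value
    return derive_key(a, B), derive_key(b, A)  # equal on both sides


if __name__ == "__main__":
    k_alice, k_bob = run_agreement()
    print("keys match:", k_alice == k_bob, k_alice.hex())
```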
