Key Agreement Schemes

In this chapter, the authors focus on key agreement schemes, in which two users can establish a new session key via an interactive protocol that does not require the active participation of a TA. They give a brief overview of Transport Layer Security. They introduce the Diffie-Hellman Key Agreement Scheme and some variations, and discuss various security proofs for these types of schemes. They examine the MTI Key Agreement Scheme. The authors describe one common method of realizing key derivation functions that is based on a cryptographic hash function. It is not too difficult to show that the security of the MTI/A0 key agreement scheme against a passive adversary is exactly the same as in the Diffie-Hellman key agreement scheme-see the Exercises. The concept of deniability provides an interesting counterpoint to the idea of non-repudiation, which is a central requirement of signature schemes.