ABSTRACT
This chapter presents the Diffie–Hellman key-exchange protocol. A smartcard can carry out cryptographic computations using the stored secret keys, ensuring that these keys never make their way onto users’ personal computers. A better approach, which avoids requiring employees to store and manage multiple keys, is to utilize the KDC in an online fashion to generate keys “on demand” whenever two employees wish to communicate securely. The protocol was designed in this way to reduce the load on the KDC. In the protocol as described, the KDC does not need to initiate a second connection to Bob, and need not worry whether Bob is on-line when Alice initiates the protocol. KDCs and protocols like Kerberos are used in practice. But these approaches to the key-distribution problem require, at some point, a private and authenticated channel that can be used to share keys.
