Cryptography Reference
In-Depth Information
A key agreement protocol can be used by two entities to establish and mutually
agree on a secret key. Alternatively speaking, the key is derived from
information provided by both entities.
Figure 16.1 Key distribution versus key agreement.
Figure 16.1 illustrates the notion of a key distribution as compared to a key
agreement. In the first case, a secret key is distributed from entity A to entity B,
whereas in the second case, A and B establish and mutually agree on a secret key.
So in the first case, the relationship between A and B is unidirectional, whereas the
relationship is bidirectional in the second case.
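
The contrast above, as an added example that is not from the book: a toy hashed-ElGamal-style key wrap stands in for key distribution and a Diffie-Hellman-style exchange stands in for key agreement. The group parameters and all function names are assumptions chosen for illustration, and the parameters are far too small for real use.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): the Mersenne prime
# 2**127 - 1 and base 3. Too small and unvetted for real use.
P = 2**127 - 1
G = 3

def keypair(secret=None):
    """Return (private exponent x, public value G^x mod P)."""
    x = secret if secret is not None else secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def _kdf(shared: int) -> bytes:
    """Hash a group element down to a 16-byte key or mask."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]

# Key distribution (unidirectional): A alone chooses the key.
def distribute(key: bytes, b_pub: int):
    """A wraps a 16-byte key of its own choosing under B's public value."""
    r, c1 = keypair()                      # fresh ephemeral value per wrap
    mask = _kdf(pow(b_pub, r, P))
    return c1, bytes(k ^ m for k, m in zip(key, mask))

def receive(b_priv: int, c1: int, c2: bytes) -> bytes:
    """B unwraps; B learns the key but had no influence on its value."""
    mask = _kdf(pow(c1, b_priv, P))
    return bytes(c ^ m for c, m in zip(c2, mask))

# Key agreement (bidirectional): both parties' inputs determine the key.
def agree(own_priv: int, peer_pub: int) -> bytes:
    return _kdf(pow(peer_pub, own_priv, P))

def demo():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    b2_priv, b2_pub = keypair()            # B contributing a different input
    k = secrets.token_bytes(16)            # chosen by A only
    dist_1 = receive(b_priv, *distribute(k, b_pub))
    dist_2 = receive(b2_priv, *distribute(k, b2_pub))
    agr_a, agr_b = agree(a_priv, b_pub), agree(b_priv, a_pub)
    return {
        "distributed_key_ignores_b": dist_1 == k == dist_2,
        "agreement_matches": agr_a == agr_b,
        "agreement_depends_on_b": agr_a != agree(a_priv, b2_pub),
    }

if __name__ == "__main__":
    print(demo())
```
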
As already mentioned in Section 2.3.3, key agreement protocols are advantageous
from a security viewpoint, and hence they should be the preferred choice.
Unfortunately, key agreement protocols also tend to be more involved than key
distribution protocols. In either case, the most important key distribution and key
agreement protocols are overviewed and briefly discussed next.
16.2 KEY DISTRIBUTION PROTOCOLS
Only a few key distribution protocols are in use today. In this section, we elaborate
on Merkle's Puzzles, Shamir's three-pass protocol, and an asymmetric
encryption-based key distribution protocol. The former two protocols are only theoretically
(or historically) relevant, whereas the asymmetric encryption-based key distribution
protocol is the key distribution protocol of choice for practical use. In fact, it is
employed in almost all network security protocols in use today in one way or another.
16.2.1 Merkle's Puzzles
In 1975, Ralph C. Merkle developed and proposed an idea that is conceptually similar
and very closely related to public key cryptography and asymmetric encryption