Cryptography Reference
In-Depth Information
when it establishes a cryptographic key to be shared with a secure Web server (see footnote 10).
From a security point of view, however, one may face the problem that the security
of the secret key cryptographic system that is used with the cryptographic key is
then bound by the quality and the security of the key generation process (which is
typically a PRBG). Consequently, it is advantageous to have a mechanism in place in
which two or more entities can establish and agree on a commonly shared secret key.
This is where the notion of a key agreement protocol comes into play (as opposed to
a key distribution protocol). The single most important key agreement protocol for
two entities was suggested by Diffie and Hellman [6]. Key establishment protocols
(including, for example, the Diffie-Hellman key agreement protocol) are further
addressed in Chapter 16. They play a central role in many cryptographic security
protocols for the Internet.
2.3.4 Entity Authentication
In computer networks and distributed systems it is often required that entities must
authenticate each other. In theory, many technologies can be used for entity
authentication. In computer networks and distributed systems, however, entity authentication
is most often implemented as a proof by knowledge. This means that the entity that
is authenticated knows something (e.g., a password, a passphrase, or a cryptographic
key) that allows him or her to prove his or her identity to another entity. An entity
authentication protocol is used for this purpose. More often than not, an entity
authentication protocol is combined with a key distribution protocol (yielding an entity
authentication and key distribution protocol).
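A minimal proof-by-knowledge exchange of the kind described above, added here as an illustration (it is not code from the book): the verifier issues a fresh random challenge and the prover answers with a MAC over it under the shared key, so the key itself never crosses the wire. The choice of HMAC-SHA-256, the 16-byte challenge size, and the names `Verifier`, `prove` and `demo` are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Holds the shared key and issues single-use challenges (hypothetical helper)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-answered challenge: treat as replay
        self._pending.discard(nonce)  # exactly one attempt per challenge
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def prove(key: bytes, nonce: bytes) -> bytes:
    """Prover's side: demonstrate knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key shared by both sides
    verifier = Verifier(key)
    results = {}
    n1 = verifier.challenge()
    r1 = prove(key, n1)
    results["legitimate"] = verifier.verify(n1, r1)
    results["replay_same_challenge"] = verifier.verify(n1, r1)
    n2 = verifier.challenge()
    results["old_response_new_challenge"] = verifier.verify(n2, r1)
    n3 = verifier.challenge()
    results["wrong_key"] = verifier.verify(n3, prove(secrets.token_bytes(32), n3))
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

When the same key is used to authenticate in both directions, the MAC input should also bind the direction or the identities of the parties so that a response cannot be reflected back to its originator.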
In Chapter 17, we elaborate on entity authentication and corresponding
protocols. Among these protocols, we mainly focus on the ones that have the
zero-knowledge property. Zero-knowledge authentication protocols are interesting,
because it can be shown in a mathematically precise sense that they do not leak any
(partial) information about the secret that is used in the proof by knowledge. This
protects the prover against a verifier trying to illegitimately derive information about
the prover's secret.
2.3.5 Secure Multiparty Computation
Let us assume that multiple entities want to compute the result of a function
evaluation without having to reveal their (local) input values to each other. There
are basically two cases to distinguish:
Footnote 10: A secure Web server is a server that implements the secure sockets layer (SSL) or transport layer
security (TLS) protocol (see, for example, Chapter 6 of [5]).