Category:Key Exchange

From Crypto++ Wiki

Key Exchange refers to methods for two (and sometimes more) parties to arrive at a shared secret. Key exchange schemes are usually divided into one of two classes: key agreement schemes and key transport schemes.

In key agreement schemes, both parties contribute to the shared secret. Examples of key agreement are Diffie-Hellman, EC Diffie-Hellman, and XTR Diffie-Hellman. In key transport schemes, usually only one party contributes to the shared secret. An example of key transport is RSA key exchange, where the client encrypts a random value and sends it to the server as the shared secret.

The shared secret is usually transformed from the key exchange domain to the encryption domain using a key derivation function. The output of the key derivation function is then used to key a block or stream cipher, which is used for bulk encryption. For example, IPsec Phase I uses Internet Key Exchange (IKE) to arrive at a shared secret. The shared secret is then transformed using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for use in keying block ciphers during Phase II.
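
The following added example (Python standard library only, not Crypto++ code and not from the original page) shows a Diffie-Hellman agreement in which both parties contribute, followed by HKDF extract-and-expand as specified in RFC 5869 to move the shared secret into the encryption domain. The modulus `DEMO_P`, generator `DEMO_G`, and the key labels are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration modulus (the prime 2**255 - 19) and generator.
# NOT a vetted Diffie-Hellman group; real code uses a standardized group or ECDH.
DEMO_P = 2**255 - 19
DEMO_G = 2

def dh_keypair():
    """Return (private, public) for one party."""
    x = secrets.randbelow(DEMO_P - 3) + 2           # 2 <= x <= p-2
    return x, pow(DEMO_G, x, DEMO_P)

def dh_agree(private, peer_public):
    """Key agreement: the result depends on both parties' private values."""
    if not 2 <= peer_public <= DEMO_P - 2:          # reject 0, 1 and p-1
        raise ValueError("invalid peer public value")
    shared = pow(peer_public, private, DEMO_P)
    return shared.to_bytes((DEMO_P.bit_length() + 7) // 8, "big")

def hkdf_extract(salt, ikm, hash_name="sha256"):
    """RFC 5869 step 1: concentrate the shared secret into a fixed-size PRK."""
    if not salt:                                    # RFC default: HashLen zero bytes
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()

def hkdf_expand(prk, info, length, hash_name="sha256"):
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_cipher_keys(shared_secret, salt):
    """Derive two independent 32-byte cipher keys (labels are hypothetical)."""
    prk = hkdf_extract(salt, shared_secret)
    return (hkdf_expand(prk, b"demo client-to-server key", 32),
            hkdf_expand(prk, b"demo server-to-client key", 32))
```

The raw agreement output is never used as a cipher key directly; distinct `info` labels give each direction its own key from the same pseudorandom key.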