Key Agreement Protocols
A drawback of public-key algorithms is that they are not efficient for sending large amounts of data. They require significant computer power, which slows down communication. Public-key algorithms should not be thought of as a replacement for symmetric secret-key algorithms. Instead, public-key algorithms can be used to allow two parties to agree upon a key to be used for symmetric secret-key encryption over an unsecure medium.

The process by which two parties can exchange keys over an unsecure medium is called a key agreement protocol. A protocol sets the rules for communication: Exactly what encryption algorithm(s) is (are) going to be used?

The most common key agreement protocol is a digital envelope (Fig. 6.5). With a digital envelope, the message is encrypted using a symmetric secret key, and the symmetric secret key is encrypted using public-key encryption. The sender attaches the encrypted symmetric secret key to the encrypted message and sends the receiver the entire package. The sender could also digitally sign the package before sending it to prove the sender's identity to the receiver (Section 6.7).

[Fig. 6.4: Authentication with a public-key algorithm.]

Security, Chapter 6. © Copyright 2002. Deitel & Associates, Inc. All Rights Reserved.

To decrypt the package, the receiver first decrypts the symmetric secret key using the receiver's private key. Then, the receiver uses the symmetric secret key to decrypt the actual message. Since only the receiver can decrypt the encrypted symmetric secret key, the sender can be sure that only the intended receiver is reading the message.
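The digital envelope described above, as an added example that is not code from the original text. It assumes Node.js's built-in crypto module, RSA-OAEP as the public-key algorithm and AES-256-GCM as the symmetric algorithm (the text names neither); the function names sealEnvelope, openEnvelope and demo are hypothetical.

```javascript
// Added example: digital envelope using Node's built-in crypto module.
// Assumed algorithms (not named in the text): RSA-OAEP and AES-256-GCM.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the message under a fresh symmetric key, then encrypt that
// key with the receiver's public key and attach it to the ciphertext.
function sealEnvelope(receiverPublicKey, plaintext) {
  const key = randomBytes(32);   // one-time AES-256 key
  const iv = randomBytes(12);    // GCM nonce, never reused with the same key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: receiverPublicKey, ...OAEP }, key),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Receiver: recover the symmetric key with the private key, then decrypt.
function openEnvelope(receiverPrivateKey, env) {
  const key = privateDecrypt({ key: receiverPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: generated key pairs and the sample order from the figure.
function demo() {
  const receiver = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = sealEnvelope(receiver.publicKey, Buffer.from('Buy 100 shares of company X'));
  const opened = openEnvelope(receiver.privateKey, env).toString();
  let otherFails = false;        // a different private key cannot unwrap the key
  try { openEnvelope(other.privateKey, env); } catch { otherFails = true; }
  let tamperDetected = false;    // flipping one ciphertext bit is rejected
  env.ciphertext[0] ^= 1;
  try { openEnvelope(receiver.privateKey, env); } catch { tamperDetected = true; }
  return { opened, otherFails, tamperDetected, wrappedKeyBytes: env.wrappedKey.length };
}

console.log(demo());
```

The envelope gives confidentiality to the receiver only; proving who sent it still requires the digital signature the text refers to in Section 6.7.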