(also key establishment, key negotiation)
Key exchange definition
Key exchange is a cryptographic process in which cryptographic keys are exchanged between two parties so that they can use those keys to share encrypted information via a cryptographic algorithm. A key exchange is designed so that no one other than the two parties can obtain a copy of the keys, which means only those two parties can read the encrypted communication. To start the key exchange, the two parties first negotiate and agree on which encryption keys to use for the conversation. Key exchanges are performed either in-band or out-of-band.
Key exchange schemes
- Diffie-Hellman key exchange (DHKE) is a protocol that lets two parties establish a shared secret key safely even if a third party monitors their communication channel, which is typically public and insecure. This protects against sniffing and data interception. However, it remains vulnerable to man-in-the-middle attacks because, on its own, it does not authenticate the identity of the party at the other end of the channel. The exchange can be implemented via discrete logarithms, which is the classic DHKE algorithm, or via elliptic-curve cryptography, which is called the Elliptic-curve Diffie-Hellman (ECDH) algorithm.
- RSA-OAEP combines RSA encryption with Optimal Asymmetric Encryption Padding (OAEP) to provide asymmetric encryption. It is used for public-key encryption and adds randomness to the padding, which turns RSA's deterministic encryption into a probabilistic scheme.
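The classic DHKE described above, as an added example that is not part of the original glossary entry: both sides derive the same key from each other's public values, peer values outside the prime-order subgroup are rejected, and each public value is authenticated with an HMAC under an assumed pre-shared key so that a substituted value is detected rather than silently accepted. The group parameters are a small constructed safe prime chosen for readability only.

```python
"""Toy Diffie-Hellman key exchange with authenticated public values."""
import hashlib
import hmac
import secrets

# Constructed toy group (assumption, far too small for real use):
# P = 2q + 1 is a safe prime with q = 1019, and G = 2^2 generates the
# quadratic-residue subgroup of prime order q.
P = 2039
Q = (P - 1) // 2
G = 4


def keypair():
    """Pick a private exponent a in [1, q-1] and return (a, g^a mod p)."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def shared_key(own_private, peer_public):
    """Derive g^(ab) mod p and hash it into a 32-byte key.

    A peer value outside the order-q subgroup (0, 1, p-1, or any
    non-residue) is rejected before exponentiation."""
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("peer public value is not in the prime-order subgroup")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(2, "big")).digest()


def _tag(psk, public):
    return hmac.new(psk, public.to_bytes(2, "big"), "sha256").digest()


def exchange(psk, substituted_a=None):
    """Run one exchange; each side MACs its public value under psk (assumed
    to be pre-provisioned). substituted_a models an on-path change to A's
    public value in transit, which the MAC check must catch.
    Returns (key derived by A, key derived by B)."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    msg_a = (pub_a, _tag(psk, pub_a))
    msg_b = (pub_b, _tag(psk, pub_b))
    if substituted_a is not None:
        msg_a = (substituted_a, msg_a[1])  # value changed, tag left as sent
    for public, tag in (msg_a, msg_b):
        if not hmac.compare_digest(tag, _tag(psk, public)):
            raise ValueError("public value failed authentication")
    return shared_key(a, msg_b[0]), shared_key(b, msg_a[0])
```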