Questions tagged [key-exchange]
Key exchange protocols allow two parties to produce a secret session key over a public channel.
669
questions
1
vote
1
answer
60
views
Key size for One Time Pad use with QKD
For a practical QKD implementation where OTP has been chosen for encrypting, how are key sizes determined?
Say, for example, Alice wishes to exchange xGB to Bob, then a key management system should ...
1
vote
0
answers
41
views
In Kerberos, is the "Authentication Server" the only "Trusted Third Party"? Or is "Ticket Granting Server" also a "Trusted Third Party"? [closed]
I know that AS (Authentication Server) is a TTP (Trusted Third Party) because it generates keys for two entities (for the client and the TGS).
But what about TGS (Ticket Granting Server)? It also ...
- 51
0
votes
0
answers
25
views
Question about Environment Set in Universally Composable Security Proof
I have read into many papers and tutorials regarding "Universally Composable Security Proofs." I still have one confusion about the initial setup by the environment. On one hand, I got that ...
- 101
11
votes
1
answer
5k
views
Is it possible to establish a shared secret over an untrusted unidirectional channel?
It there any way to, given a unidirectional channel, say a UDP messaging protocol, to derive a secret key and transmit information securely without prior knowledge of the other party? It sounds ...
- 145
3
votes
2
answers
439
views
The advantages of using KEM compared to applying traditional PKE approach
I am studying a thesis on the design of a key encapsulation mechanism (KEM). In section 2.6 (page 18) of this thesis, the following explanation is given about the difference between KEM and common ...
- 33
0
votes
0
answers
60
views
SampleNTT in Kyber [duplicate]
I was going through Kyber specification mentioned here - https://csrc.nist.gov/pubs/fips/203/ipd
The SampleNTT is an algo used for matrix A calculation that takes XOF(p,i,j) as input.
If the input is ...
- 31
1
vote
2
answers
51
views
Is this procedural code correct description of `g is a primitive root module of p`?
I am a web developer with only high school level knowledge of math. I wanted to understand how TLS 1.3 is better than TLS 1.2. Along the way, I bumped into the concept of Diffie Hellman Key Exchange ...
- 137
0
votes
0
answers
35
views
Does Qrypt's BLAST protocol based on "Doubly-Affine Extractors" use public-key or symmetric-key cryptography?
The company Qrypt states that "Key distribution based on asymmetric algorithms is a weak link for cryptography" and claims to "enable encryption without distributing encryption keys&...
- 441
1
vote
1
answer
319
views
A simple guide to Diffie-Hellman Key Exchange including the what, the how and the why
I'm tired of going online looking for a simple explanation of how the Diffie-Hellman Key Exchange works. Many guides I've found attempt to explain it using anything from "paint" to massive ...
- 142
4
votes
0
answers
124
views
What are the binding properties of post-quantum KEMs?
Performing a key exchange with post-quantum KEMs is very different to ECDH, which will likely cause vulnerabilities in protocols during the migration to post-quantum cryptography.
One example is that ...
- 1,833
3
votes
1
answer
129
views
The weakening of PQC as a result of lack of KEX?
As far as I can tell we don't have any good key exchange post-quantum candidates. SIKE was broken some time ago.
It is possible to reach an authenticated shared secret by having the public key holder ...
- 31
1
vote
0
answers
79
views
Ephemeral ECC refresh vs. simple hash ratchet
Some protocols employ ephemeral ECC key exchanges throughout the session. Such as the Noise framework.
Is the rationale to do this simply because you can do it efficiently?
To provide future secrecy ...
user113099
2
votes
2
answers
309
views
RSA: Is padding necessary for key exchange?
When RSA is strictly used to exchange random shared secrets, is the padding scheme important for security or can it be omitted entirely?
The party in possession of an RSA public key will generate ...
user113099
2
votes
3
answers
253
views
Is any safe prime sufficient for a secure DH key exchange?
There are some very large safe primes listed here: https://en.wikipedia.org/wiki/Safe_and_Sophie_Germain_primes
Would using any of them result in a secure DH construction? Generator is 2.
The exponent ...
user113099
2
votes
0
answers
79
views
Tor Key Exchange Client - Middle Node
I am currently exploring the workings of the Tor network, specifically how the Diffie-Hellman (DH) key exchange protocol is employed to establish shared secret keys between the client and each relay ...
- 21