Please read my previous article on TLS to understand the key exchange step.
Key exchange is a protocol, where keys are shared between two trusted parties over an untrusted network. The keys can then be used to perform other cryptographic operations like encryption, decryption, signing, etc. Key exchange is a fundamental construct used to secure internet traffic (an untrusted network) using TLS. The protocol used during a specific communication over the internet is represented by the agreed cipher suite between the parties while establishing a TLS channel. For example, in the cipher suite definition TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, the key exchange algorithm to be used is represented in the beginning, i.e., ECDHE.
Commonly Used Protocols
DHE (Diffie-Hellman Key Exchange)
Goal: We have a symmetric encryption scheme and want to agree on keys that we can use to encrypt the messages, over an unsecured channel.
- We each pick a number, generally large, and keep it a secret, even from each other. I will pick x, and you will pick y.
- We agree on two more numbers, both prime, which anybody can know. We will call them g and n.
- I will calculate gxmodn and tell you my answer. You will calculate gymodn and tell me your answer.
- Our shared key is gxymodn=(gymodn)xmodn=(gxmodn)ymodn.
It is important to note that DHE is not limited to two parties, and several parties can take part by performing iterations on the protocol. The strength of the algorithm is the difficulty of factoring large-enough prime numbers.
EC-DH (Elliptic Curve Diffie-Hellman Key Exchange)
Goal: We have a symmetric encryption scheme and want to agree on keys that we can use to encrypt the messages, over an unsecured channel. This is a variant of DHE (explained above), but instead of using a prime number and relying on the difficulty of prime number factorization, uses elliptic curves to represent the key materials.
- We each pick a public key d (random selected integer) and private key pair representing a point in the elliptic curve such that Q = d.G (where G is the domain parameter of the curve being used). Let the key pairs be (dA, QA) and (dB, QB).
- They share the public keys (QA and QB) between them over the unsecured network. The public keys can be static and shared by a X.509 certificate, or they can be ephemeral, where-in the algorithm is called ECDHE (the ‘E’ at the end stands for ephemeral).
- Then both parties computes point in the elliptic curve such that (xk, yk) = dA.QB = dA.dB.G=dB.dA.G=dB.QA.
- xk is the shared key between both the parties, which can be used to further derive additional symmetric keys.
RSA Asymmetric Encryption
Goal: I want anybody to be able to encrypt a message, but I’m the only one who can decrypt it. I do not want to share decryption keys with anybody.
- I choose two large primes, p, and q.
- I calculate n such that pq=n.
- I calculate t such that (p−1)(q−1)=t.
- I choose an integer e that is both less than t and coprime with t.
- I find d such that d is the multiplicative inverse of emodt.
- I release (e,n) as my public key, and retain (d,n) as my private key.
- When you communicate with me, you treat your message as a large number m. The ciphertext c is given by c=memodn, and decrypted by m=cdmodn.
Quantum Key Exchange
Most of the above-used algorithms are not resistant to post-quantum cryptoanalysis and can supposedly be broken using an applicable quantum computer in hand. There is huge on-going research to come up with newer and resistant algorithms for key exchange and other cryptographic operations. These algorithms use the quantum states (i.e. qubits) to operate on the key materials to achieve the goals. Most of the protocols are very experimental. Two of known are:
Here is an exhaustive list of quantum key exchange protocols.