, Volume 28, Issue 2, pp 119-134

An Efficient Protocol for Authenticated Key Agreement


This paper proposes an efficient two-pass protocol for authenticated key agreement in the asymmetric (public-key) setting. The protocol is based on Diffie-Hellman key agreement and can be modified to work in an arbitrary finite group and, in particular, elliptic curve groups. Two modifications of this protocol are also presented: a one-pass authenticated key agreement protocol suitable for environments where only one entity is on-line, and a three-pass protocol in which key confirmation is additionally provided. Variants of these protocols have been standardized in IEEE P1363 [17], ANSI X9.42 [2], ANSI X9.63 [4] and ISO 15496-3 [18], and are currently under consideration for standardization and by the U.S. government's National Institute for Standards and Technology [30].