Key Agreement Protocol

Is an implementation of perfect forward secrecy where both the client and recipient contribute to the creation of a secure session key.

The general algorithm for a sender/reciever pair of Alice/Bob is:

Alice & Bob declare and share two numbers between themselves.
- A large prime number \( p \), and
- A number \( g, 1 < g < p \).
These don't need to be secret so they can be sent over an unsafe channel.
Both Alice and Bob now independently pick some random number \(a\) and \(b\) respectively.
Alice sends Bob \( {g}^{a} (\text{mod} p) \)
Bob sends Alice \( {g}^{b} (\text{mod} p) \)
Both Alice and Bob now calculate \( S = ({g}^{b} \mod p)^a = ({g}^{a} \mod p)^b = {g}^{ab} \mod p \). \( S \) is the secret session key used to secure correspondences between Alice and Bob.

This algorithm is secure so long as the discrete log problem is maintained.

Vulnerabilities

This protocol is still [see page 39, vulnerable] to man in the middle attacks.