Assuming the existence of one-way functions, we describe a simple protocol to exchange secret keys through an insecure (but authenticated) channel. If no precomputation is allowed, our scheme uses $O(n)$ time for agreement on a number in the range $1..n^2$. An intruder takes time $O(n^2)$ to obtain the secret key. Thus, the number of steps necessary to cryptanalyze is the square of the number of steps in the protocol. If precomputation is allowed to one of the parties in the key exchange and also to the enemy, then this performance can be improved significantly. The assumptions necessary about the one-way function are weaker than the assumptions in [Mer78] and in [DH76]. The potential applications of our protocol are also more general than those of Merkle's protocol.
[1] Ralph C. Merkle, et al. Secure communications over insecure channels. CACM, 1978.
[2] Yvo Desmedt, et al. The Importance of "Good" Key Scheduling Schemes (How to Make a Secure DES Scheme with <= 48 Bit Keys). CRYPTO, 1986.
[3] Yvo Desmedt, et al. The Importance of Good Key Scheduling Schemes (How to Make a Secure DES Scheme with Less-than-or-equal-to-48 Bit Keys). 1986.
[4] Whitfield Diffie, et al. New Directions in Cryptography. IEEE Trans. Inf. Theory, 1976.
[5] Russell Impagliazzo, et al. Limits on the provable consequences of one-way permutations. STOC '89, 1988.