Main Page | See live article | Alphabetical index

Key-agreement protocol

In cryptography, a key-agreement protocol is a protocol whereby two people can agree on a key in such a way that both influence the outcome. If properly done, this precludes a third-party from forcing a key choice on the communicating parties. Useful protocols also do not reveal to any eavesdropping party what key has been agreed upon.

The first publicly known key-agreement protocol that meets these criteria was Diffie-Hellman key exchange, in which the two people jointly exponentiate a generator with random numbers, in such a way that an eavesdropper has no way of guessing what the key is.

Diffie-Hellman was first developed by researchers at GCHQ, the UK equivalent to NSA. James Ellis demonstrated that non-secret encryption was possible in the 1960s and Malcolm Williamson developed what is now called Diffie-Hellman Key exchange in the early 1970s. GCHQ did not allow publication, so Diffie and Hellman were the first to publish.

See also : ISAKMP


See the appendix to Crypto, by Steven Levy for more information on GCHQ's work, The Code Book by Simon Singh, or the GCHQ Web page about 'non-secret encryption'. The latter contains an essay by James Ellis himself.