Traditionally, entities communicated on paper and were able to ensure privacy in many ways. The transition from paper to electronic media however, has created the need for electronic privacy and authenticity. In cryptographic schemes, the entities use primitives, which are mathematical operations together with encoding and formatting techniques to provide security. For each scheme the parties participating in the scheme normally agree upon or exchange certain information before executing the scheme function. The specific information that needs to be agreed upon is detailed for each scheme. Such agreement may be achieved by any means suitable for the application. It may be implicitly built into the system or explicitly achieved by some sort of exchange of information with or without involvement from other parties. In particular, parties often need to agree on parameters and obtain each other's public keys. For proper security, a party needs to be assured of the true owners of the keys and parameters and of their validity. Generation of parameters and keys needs to be performed properly and, in some cases, verification needs to be performed.
In general, the different types of schemes may be defined as follows. Key agreement schemes, in which two parties use their public, private key pairs and possibly other information, to agree on a shared secret key. A signature scheme with appendix is a scheme in which one party signs a message using its private key and any other party can verify the signature by examining the message, the signature, and the signer's cross corresponding public key. In signature schemes with message recovery, one party signs a message using its private key and any other party can verify the signature and recover the message by examining the signature and the signer's corresponding public key. Finally, in encryption schemes, any party can encrypt a message using the recipient's public key and only the recipient can decrypt the message using its corresponding private key.
An example of a key derivation scheme is the MQV (Menezes-Qu-Vanstone). In the MQV scheme, a shared secret value is derived from one party's two key pairs and another party's two public keys where all the keys have the same discrete log (DL) parameters. In this generalized MQV scheme, it is assumed that the shared secret value is that which is shared between two parties.
However, where each party or entity consists of a collection of parties say A={A1, A2 . . . An} and B={B1, B2, . . . Bm} where m is not necessarily equal to n and at least one of m or n is at least two (that is, not both A and B consist of one individual), it is difficult to implement the generalized MQV scheme if these two entities wish to establish a common key in order to communicate privately.