In cryptography, a key-agreement protocol is a protocol whereby two or more parties that may not yet share a common key can agree on such a key. Preferably, both parties can influence the outcome so that neither party can force the choice of key. An attacker who eavesdrops on all communication between the two parties should learn nothing about the key. Yet, while the attacker who sees the same communication learns nothing or little, the parties themselves can derive a shared key.
Key agreement protocols are useful, e.g., to secure communication, e.g., to encrypt and/or authenticate messages between the parties.
Practical key agreements protocols were introduced in 1976 when Whitfield Diffie and Martin Hellman introduced the notion of public-key cryptography. They proposed a system for key agreement between two parties which makes use of the apparent difficulty of computing logarithms over a finite field GF(q) with q elements. Using the system, two users can agree on a symmetric key. The symmetric key may then be used for say, encrypted communication between the two parties.
Current key agreement methods applicable when the parties do not yet have a shared secret, such as the Diffie-Hellman key agreement method, require resource-heavy mathematical operations. For example, the Diffie-Hellman requires one to perform exponentiation operations over a finite field. Both the exponent and the field size may be large. This makes key agreement protocols less suitable for low-resource devices. On the other hand key agreement protocols would be very useful in resource-restrained devices. For example, in application areas such as the internet of things, ad-hoc wireless networks, and the like, key agreement could be used to protect links between devices. Another example is communication between a reader and an electronic tag, say a card reader and a smart card, or a tag reader and tag, e.g., an RFID tag or an NFC tag. It would be advantageous to have a key agreement protocol that places a smaller burden on at least one of the two parties, i.e., on the electronic tag.
Reference is made to the article “Key Exchange and Encryption Schemes Based on Non-commutative Skew Polynomials” by Delphine Boucher, et al. The article relates to a key exchange algorithm based on so-called non-commutative skew polynomials.