In the field of data processing, digital keys may be used to encrypt data, to protect the data from unauthorized access. For instance, in preparation for a communication session, two data processing systems (or “parties”) may agree to use a particular digital key to encrypt (and decrypt) the messages to be shared during that communication session. Accordingly, that digital key may be referred to as a “session key.” In addition, session keys are typically treated as shared secrets. For instance, the parties typically should not simply transmit the session keys, because an unauthorized party (or “opponent”) might be monitoring the transmissions, and if the opponent gets the session key, the opponent will be able to decrypt and forge subsequent messages.
If two parties already have an established relationship, the two parties may be able to generate session keys for subsequent sessions without explicitly sharing those session keys. For instance, the parties may generate session keys based on previously agreed parameters.
In addition, processes have been developed to enable parties to generate session keys or other shared secrets by communicating various parameters with each other, even if the parties do not have a pre-established relationship. For instance, two parties without a pre-established relationship may use the process referred to as “Diffie-Hellman key exchange” to generate a shared secret. The Diffie-Hellman (DH) key exchange process is a key agreement algorithm or protocol that produces shared secrets between two parties.
However, the DH key exchange process is vulnerable to so-called “man in the middle” (MITM) attacks. The present disclosure describes methods and apparatus which provide for key exchange with reduced or eliminated vulnerability to MITM attacks.