A recurring problem in symmetric cryptography is the distribution of secret keys. Secret keys are required for symmetric encryption and decryption of messages transmitted over an insecure medium, such as over a wireless radio link or over the Internet. In electronic communications, secret keys are also used to provide a secure integrity check that ensures messages have not been modified during transmission. In addition, electronic communication systems also routinely use knowledge of secret keys to demonstrate proof of identity (authentication).
Unfortunately, it is problematic to distribute a secret key over a communication channel before that communication channel has been secured. The paradox is that the communication channel cannot be secured until the secret key has been distributed—this is the “chicken and egg” problem for symmetric encryption systems. Two methods are in common commercial use for avoiding this problem.
The first commonly-used method of solving the key distribution problem is to switch to a public-key encryption system and avoid the distribution of secret keys altogether. Each party in a public-key communication scheme has two keys: a public key that may be widely known and a private key that is known only to the appropriate party. To communicate with another party, the transmitting party need only have knowledge of the recipient's public key. The recipient is responsible for keeping its private key safe. Public-key cryptography partially solves the initial key distribution problem that plagues symmetric encryption algorithms, but the algorithms used for public-key encryption and decryption are computationally intensive. It is not uncommon to see a public-key algorithm operate 100 times slower than a symmetric-key algorithm. Public-key algorithms also limit the size of each transmitted message, whereas such limitations are not generally found in symmetric encryption algorithms.
The second commonly-used method of solving the key distribution problem is to have the communicating parties jointly agree upon a secret key without transmitting the secret key over the insecure communication channel. Several such algorithms are available and in wide use in commercially-available electronic communication systems today. Most of these algorithms are based upon the infeasibility of performing some types of mathematical operations, such as computing the discrete logarithm of a very large number containing hundreds of digits. In other words, the strength of the key agreement algorithm rests upon the assumption that it is computationally infeasible for an attacker to bypass the algorithm. Because these algorithms rest on a mathematical hardness assumption, the possibility remains that a more efficient method of solving the underlying problem exists, is one day discovered, and is put to use. That outcome would negate the effectiveness of the algorithm and thus of this method.
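The following is an added example, not part of the original text, illustrating the second method (discrete-logarithm key agreement between two parties over an observed channel) and the integrity use of the agreed secret key mentioned at the start of the passage. It uses the Diffie-Hellman construction as a concrete instance of the class of algorithms described. The names `Party`, `run_exchange` and `brute_force_dlog` are this example's own, and the group parameters are generated at run time from a seeded generator for reproducibility rather than taken from any standard; a real deployment would use a standardized group and an operating-system entropy source.

```python
import hashlib
import hmac
import random

# Seeded RNG so the example is reproducible; real systems use os.urandom/secrets.
_rng = random.Random(2024)


def is_probable_prime(n, rounds=16, rng=_rng):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits, rng=_rng):
    """Return p = 2q + 1 with both p and q prime (constructed toy parameters)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            return 2 * q + 1


class Party:
    """One side of the key agreement. Only `public` ever leaves the party."""

    def __init__(self, p, g, rng=_rng):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self.private = rng.randrange(2, self.q - 1)   # secret exponent, never transmitted
        self.public = pow(g, self.private, p)         # sent over the insecure channel

    def agree(self, peer_public):
        # Reject values outside the prime-order subgroup (guards against degenerate inputs).
        if not 1 < peer_public < self.p - 1 or pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer public value is not a valid group element")
        shared = pow(peer_public, self.private, self.p)
        # Hash the raw shared secret into a fixed-size symmetric key (simple KDF).
        width = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def tag(key, message):
    """Integrity check: keyed MAC over the message using the agreed symmetric key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, t):
    return hmac.compare_digest(tag(key, message), t)


def brute_force_dlog(p, g, target, limit=1 << 20):
    """What a passive observer must solve: find x with g^x = target (mod p).
    Feasible only for tiny groups; that is why real parameters are hundreds of digits."""
    acc = 1
    for x in range(limit):
        if acc == target:
            return x
        acc = acc * g % p
    return None


def run_exchange(bits=128):
    p = generate_safe_prime(bits)
    g = 4                      # 4 = 2^2 is a quadratic residue, so it generates the order-q subgroup
    alice, bob = Party(p, g), Party(p, g)
    observed = {"p": p, "g": g, "A": alice.public, "B": bob.public}   # all an eavesdropper sees
    key_a = alice.agree(bob.public)
    key_b = bob.agree(alice.public)
    message = b"constructed sample message: transfer 100 to account 42"
    t = tag(key_a, message)
    intact = verify(key_b, message, t)
    tampered = verify(key_b, b"constructed sample message: transfer 900 to account 42", t)
    return key_a == key_b, intact, tampered, observed, alice, bob


if __name__ == "__main__":
    same, intact, tampered, observed, _, _ = run_exchange()
    print("keys match:", same, "| MAC verifies:", intact, "| tampered verifies:", tampered)
```

`run_exchange` plays both sides of the exchange and returns what a channel observer could record; note that neither party's `private` value appears there. `brute_force_dlog` is included only to show, on a 16-bit toy group, that the observer's task is exactly the discrete-logarithm problem the passage refers to; on the 128-bit default (and far more so on real parameter sizes) the same search is out of reach.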