Asymmetric Key Exchange

  • Setup
    • Alice has
      • Her private signing key (BLUE KEY)
      • Bob’s public encryption key (YELLOW KEY)
        • E.g. via X.509 certificate of Bob
    • Bob has
      • Alice’s public signing key (RED KEY)
        • E.g. via X.509 certificate of Alice
      • His private encryption key (GREEN KEY)
  • Process
    1. Alice generates a random session key k
    2. Alice encrypts k using Bob’s public key (for confidentiality)
    3. Alice signs the result using her private key (for authenticity)
    4. Alice sends the signed ciphertext to Bob
    5. Bob verifies the signature
    6. Bob decrypts the message to retrieve k
  • Limitations:
    • Replay-attack problem:
      • An adversary could resend the message.
      • Solution: Add a challenge-response mechanism.
    • No Perfect Forward Secrecy (PFS)
      • An attacker who obtains the long-term private key can decrypt past messages
  • Often used as part of hybrid encryption
    • Encrypt message with AES under random key
    • Encrypt key using public key of recipient
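
The process and the replay limitation above, as an added Go example using only the standard library (not part of the original notes). RSA-OAEP for encryption and RSA-PSS for signing are assumptions, since the notes name no algorithms. Binding Bob's challenge into the signed digest is one assumed way to realise the challenge-response fix, and the names Msg, Send, Receive and Demo are hypothetical.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Msg struct{ CT, Sig []byte } // the signed ciphertext sent in step 4
// digest hashes challenge||ciphertext; a nil challenge gives the plain scheme from the notes.
func digest(ct, challenge []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, challenge...), ct...))
	return h[:]
}

// Send is steps 1-3: random k, encrypt to Bob (YELLOW), sign with Alice's key (BLUE).
func Send(blue *rsa.PrivateKey, yellow *rsa.PublicKey, challenge []byte) (k []byte, m Msg, err error) {
	k = make([]byte, 32)
	if _, err = rand.Read(k); err != nil {
		return
	}
	if m.CT, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, yellow, k, nil); err != nil {
		return
	}
	m.Sig, err = rsa.SignPSS(rand.Reader, blue, crypto.SHA256, digest(m.CT, challenge), nil)
	return
}

// Receive is steps 5-6: verify with Alice's key (RED), then decrypt with Bob's (GREEN).
func Receive(green *rsa.PrivateKey, red *rsa.PublicKey, m Msg, challenge []byte) ([]byte, error) {
	if err := rsa.VerifyPSS(red, crypto.SHA256, digest(m.CT, challenge), m.Sig, nil); err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, green, m.CT, nil)
}

// Demo reports: a resent copy is accepted; the same copy fails under a fresh challenge.
func Demo() (replayAccepted, staleRejected bool) {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // BLUE private, RED public
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // GREEN private, YELLOW public
	k, m, _ := Send(alice, &bob.PublicKey, nil)
	r, err := Receive(bob, &alice.PublicKey, m, nil) // original or resent: Bob cannot tell
	replayAccepted = err == nil && bytes.Equal(k, r)
	_, err = Receive(bob, &alice.PublicKey, m, []byte("bob-challenge-0002")) // constructed value
	return replayAccepted, err != nil
}

func main() { fmt.Println(Demo()) }
```

The challenge only helps if Bob generates a fresh random value per exchange and remembers which one he is waiting for. It does nothing for the forward-secrecy limitation, because k is still recoverable from a recorded Msg once the GREEN key leaks.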
