Last Updated: Mar 27, 2024

Known Session Key Attacks on MTI/A0

Author Muskan Sharma


Hey Readers!!!

Attacks are really painful, whether it is a physical attack or an attack on our data.

Do you know how we can avoid attacks?

MTI is there to save you. Not physically, but it helps to save your data from unauthorized users.

Let's learn the defense of our data with the help of MTI.


Session Key

Asymmetric key agreement protocols are multi-party protocols in which two or more parties share information that is made available to the public so that they can use it to produce a common secret key. Only the parties involved in the key generation process are aware of the secret key, known as a session key, which can be used to establish a secure communication channel between the parties.

In 1976, Diffie and Hellman established the first practical key agreement mechanism, based on the discrete logarithm problem. It allows two parties to construct a common secret session key from their exchanged public information, for use with traditional symmetric encryption techniques. However, because the original protocol does not include participant authentication, it is susceptible to man-in-the-middle attacks.


Key Agreement Schemes

A trusted authority (TA) is necessary for each type of key distribution to choose keys and give them to network users. We concentrate on key agreement schemes (KAS), where two users can create a new session key using an interactive protocol without the involvement of a TA. Remember that we mostly talk about key agreement mechanisms in the context of public keys.

Diffie-Hellman key agreement

The Diffie-Hellman KAS is the original and best-known key agreement scheme.

It was the first realization of public-key cryptography, published in 1976.

[Figure: Diffie-Hellman key agreement]

The distinction is that, rather than being fixed, the exponents $a_U$ and $a_V$ of users U and V, respectively, are chosen at random for each execution of the scheme. In this design, there are no long-lived keys.

The Diffie-Hellman KAS session ends with U and V having computed the same key.

[Figure: Diffie-Hellman KAS session]

The desired output for the instance $(\alpha, b_U, b_V)$ is denoted by $CDH(\alpha, b_U, b_V)$. Additionally, if the Decision Diffie-Hellman problem is intractable, a passive adversary cannot compute any information about K.

The Station-to-Station (STS) Key Agreement Scheme

We outline a modified Diffie-Hellman KAS that is an authenticated key agreement scheme. As is customary, the technique uses certificates signed by the TA. Each user U has a signature scheme with a signing algorithm $sig_U$ and a verification algorithm $ver_U$. The TA also has a signature scheme, with the public verification algorithm $ver_{TA}$. Each user U has a certificate.

[Figure: The Station-to-Station (STS) key agreement scheme]

Where ID(U) is certain identification information for U.

We don't have explicit key confirmation because the STS scheme doesn't use the new session key immediately. However, because both parties sign the exchanged exponentials, we achieve the slightly weaker property of implicit key confirmation.

Known Session Key Attack

The security result demonstrated essentially considers one STS session in isolation. However, in a real-world network with numerous users, there may be numerous STS sessions involving numerous distinct users. To make a strong case for STS's security, we need to consider the potential impact that several sessions might have on one another.

As a result, we look into security under a known session key attack.

  • In this case, an opponent named Oscar observes several sessions of a key agreement scheme, called S1, S2, ..., St.
  • It's possible that Oscar will participate in some of these sessions together with other network users.
  • We will assume for convenience that all sessions use the same group and the same generator α.

Oscar is permitted to ask for the session keys for sessions S1, S2,..., and St to be revealed as part of the attack model. For some other target session, say S, where Oscar is not a participant, Oscar's objective is to ascertain a session key (or information about a session key). 

Furthermore, it is not necessary for session S to begin after sessions S1, S2,..., and St have ended.

We specifically permit parallel session attacks (which are comparable to those considered in the area of identification schemes).

We now consider known session key attacks against the STS Key Agreement Scheme. Let's say Oscar first watches a session S between users U and V. Apart from signatures and certificates, the information communicated during this session consists of the two values $b_{S,U}$ and $b_{S,V}$. (We include the session name, S, as a subscript to indicate that these values are related to a certain session.)

Oscar wants to be able to determine, in the end, some information about the value of the key $K_S$ as calculated by U and V during session S. Note that calculating the key $K_S$ is equivalent to solving the Computational Diffie-Hellman problem for the instance $(\alpha, b_{S,U}, b_{S,V})$, that is, $K_S = CDH(\alpha, b_{S,U}, b_{S,V})$.

Oscar is free to participate in other sessions to learn more about $K_S$ after he obtains the pair $(b_{S,U}, b_{S,V})$.

However, we only permit Oscar to request the key of a session S' from a user who "accepts" in that session. Since STS is a secure identification mechanism, Oscar cannot be active in a session and request a session key from a user who does not "accept."
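The rules of this attack model can be written down as checks. The following Python sketch is an added example, not code from the original article: the class names, the toy prime `P`, the base `ALPHA`, and the `signatures_ok` flag (which stands in for the STS signature and certificate checks) are all assumptions made for illustration.

```python
import secrets

# Toy public parameters shared by all sessions (constructed for this example).
P = 2**127 - 1   # a Mersenne prime; not a safe choice for real deployments
ALPHA = 3        # fixed base alpha, assumed for illustration

class Session:
    """One run of the scheme between users u and v with fresh exponents."""
    def __init__(self, name, u, v):
        self.name, self.users = name, (u, v)
        self._a_u = secrets.randbelow(P - 2) + 1   # per-session secret of u
        self._a_v = secrets.randbelow(P - 2) + 1   # per-session secret of v
        self.b_u = pow(ALPHA, self._a_u, P)        # sent in the clear
        self.b_v = pow(ALPHA, self._a_v, P)        # sent in the clear
        self.accepted, self._key = False, None

    def finish(self, signatures_ok=True):
        """Users 'accept' only if the signature checks passed (modelled as a flag)."""
        if signatures_ok:
            self._key = pow(self.b_v, self._a_u, P)           # K_S = CDH(alpha, b_u, b_v)
            assert self._key == pow(self.b_u, self._a_v, P)   # both users agree
            self.accepted = True
        return self.accepted

class KnownSessionKeyGame:
    """Enforces what the adversary may learn in the known session key model."""
    def __init__(self, adversary, target):
        if adversary in target.users:
            raise ValueError("adversary must not take part in the target session")
        self.adversary, self.target = adversary, target

    def transcript(self, session):
        return (session.b_u, session.b_v)   # public values are always observable

    def reveal(self, session):
        if session is self.target:
            raise PermissionError("the target session key is never revealed")
        if not session.accepted:
            raise PermissionError("no key: the user did not accept this session")
        return session._key

    def wins(self, guess):
        return self.target.accepted and guess == self.target._key
```
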

Two-pass Diffie-Hellman — MTI/A0

One of the miracles of cybersecurity is the Diffie-Hellman key exchange technique. It is straightforward but quite effective. However, its most basic version lacks security because Alice does not validate the value she receives from Bob, and vice versa, making the exchange vulnerable to an Eve-in-the-middle attack. MTI/A0 key agreement, in which Bob and Alice exchange trusted keys once for setup, is one technique to get around this. The setup passes $Z_a$ and $Z_b$, and each session subsequently passes the public values $a_{pub}$ and $b_{pub}$. A summary is as follows:

[Figure: Two-pass Diffie-Hellman — MTI/A0. Image source: Two-pass Diffie-Hellman]

The first stage is a one-time configuration in which Alice and Bob decide on a generator value (g) and a prime integer (p). The next step is for Alice and Bob to each create their private key (a for Alice, b for Bob). Then Alice transfers her public key of:

$Z_a = g^a \pmod{p}$

Bob gives the following public key:

$Z_b = g^b \pmod{p}$

When Bob and Alice want to create a new key, Alice generates a random value x and Bob generates a random value y. Alice gives Bob the public key value of:

$a_{pub} = g^x \pmod{p}$

Alice receives from Bob the public key value of:

$b_{pub} = g^y \pmod{p}$

Then Alice creates a shared key of:

$K_{alice} = (b_{pub})^a (Z_b)^x \pmod{p}$

and Bob produces:

$K_{bob} = (a_{pub})^b (Z_a)^y \pmod{p}$
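
Both parties arrive at the same key. Substituting the definitions above gives the following (an added derivation, not part of the original article):

$$K_{alice} = (b_{pub})^a (Z_b)^x = (g^y)^a (g^b)^x = g^{ay + bx} \pmod{p}$$

$$K_{bob} = (a_{pub})^b (Z_a)^y = (g^x)^b (g^a)^y = g^{bx + ay} \pmod{p}$$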


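```python
import secrets
from Crypto.Util.number import getPrime
from Crypto.Random import get_random_bytes

pbits = 32  # toy size so the output stays readable; real use needs a far larger prime

q1 = 3                                           # generator g
q2 = getPrime(pbits, randfunc=get_random_bytes)  # prime modulus p

# One-time setup: long-term private keys a, b (drawn from a CSPRNG, range 1..p-1)
rndm1 = secrets.randbelow(q2 - 1) + 1  # Alice's long-term private key a
rndm2 = secrets.randbelow(q2 - 1) + 1  # Bob's long-term private key b

powa = pow(q1, rndm1, q2)  # Z_a = g^a mod p
powb = pow(q1, rndm2, q2)  # Z_b = g^b mod p

print(f"\nAlice's long term private key: {rndm1} & long term public key: {powa}")
print(f"\nBob's long term private key: {rndm2} & long term public key: {powb}")

# Per session: fresh random values x (Alice) and y (Bob)
randx = secrets.randbelow(q2 - 1) + 1
randy = secrets.randbelow(q2 - 1) + 1

apow = pow(q1, randx, q2)  # a_pub = g^x mod p
bpow = pow(q1, randy, q2)  # b_pub = g^y mod p

print(f"\nAlice's session private key: {randx} & session public key: {apow}")
print(f"\nBob's session private key: {randy} & session public key: {bpow}")

# K_alice = (b_pub)^a * (Z_b)^x mod p
key1 = (pow(bpow, rndm1, q2) * pow(powb, randx, q2)) % q2
# K_bob = (a_pub)^b * (Z_a)^y mod p
key2 = (pow(apow, rndm2, q2) * pow(powa, randy, q2)) % q2

print(f"\nAlice's Key: {key1}")
print(f"Bob's Key: {key2}")
```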



Frequently Asked Questions

What are the four principles of cryptography?

Authentication, non-repudiation, data confidentiality, and data integrity are the four main principles of cryptography.

What are session attacks?

Hackers use the session attacking technique to access a target's computer or online accounts.

How do I make my session secure?

The information should consist of a meaningless string of characters chosen at random.

What are the six categories of known attack vectors?

Some of the most typical attack vectors are malware, viruses, email attachments, websites, pop-up ads, instant messages, text messages, and social engineering.

What are the two categories of attacks?

Passive and active attacks are two different kinds of security-related attacks.


This blog has extensively discussed Known Session Key Attacks on MTI/A0. We hope this article helped enhance your knowledge about Key Agreement Schemes, the Station-to-Station (STS) Key Agreement Scheme, and known session key attacks.
