Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
Key Agreement Schemes
Transport Layer Security(TLS)
Diffie-Hellman key agreement.
The Station-to-Station(STS) key Agreement Scheme
Known Session Key Attack
Main Goal of Key Agreement
Attackers Model
Frequently Asked Questions
What is a key agreement scheme?
What are the types of key agreement protocols?
Is RSA a key agreement protocol?
What is the difference between a protocol and an Agreement?
Is TLS using AES?
Last Updated: Mar 27, 2024

MTI Key Agreement Schemes

Author Muskan Sharma
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


Hey Readers!!!

Do you know what the MTI Key agreement is?

It's the same type of Agreement that you see at your home, but the basic difference is that it is an agreement in software between two users.

In this article, you will learn about this.

Let’s begin!!!

MTI Key Agreement Schemes

Key Agreement Schemes

A trusted authority (TA) is necessary for each type of key distribution to choose keys and give them to network users. We concentrate on key agreement schemes (KAS), where two users can create a new session key using an interactive protocol without the involvement of a TA. Remember that we mostly talk about key agreement mechanisms in the context of public keys.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

Transport Layer Security(TLS)

Transport Layer Security is one of the most often utilized key agreement protocols in real-world applications (TLS). We talk about this as our first illustration. For instance, a TLS session can enable online transactions from a company's website using a web browser. Let's say, Alice, a client, wishes to order something from a server (Bob, Inc.). The client and server must establish a session key using the proper key agreement technique. The TLS protocol supports a variety of techniques.

Transport Layer Security(TLS)

Here is what happens : 

  1. First, a brief introduction is given by Alice and Bob, Inc. There are no cryptographic tools used in this step, known as a "hello." The specified cryptographic techniques that will be used in the remaining portions of the protocol are also decided upon at this point by Alice and Bob, Inc.
  2. Then Bob Inc. verifies his identity to Alice by sending her a certificate, including a copy of his public key, abbreviated PK, validated by a reliable certification authority, abbreviated CA. 
  3. Using the CA's public verification key (which would have been included with the web browser software running on Alice's PC), Alice validates the CA's signature on PK.
  4. The next step is for Alice and Bob, Inc. to identify two shared secret keys. Using a suitable pseudorandom number generator, Alice creates a random master secret, MS. Using Bob, Inc.'s public key, she encrypts MS and transmits Bob, Inc., the ciphertext it produces. Bob, Inc. decrypts the ciphertext and retrieves MS.
  5. The identical keys, K1 and K2, are now generated independently by Alice and Bob Inc. from MS. A predetermined key derivation function, abbreviated KDF, will be used in this stage. The function KDF is typically based on a hash function. 

This is an example of key transit since the keys produced are determined by just one party—Alice.

The two secret keys that Alice and Bob, Inc. have discovered are used to authenticate and encrypt the messages they send to one another. The key K2 would encrypt and decode data using a secret key cryptosystem, whereas the key K1 would authenticate data using a message authentication code. As a result, Alice and Bob, Inc. can securely communicate thanks to the TLS protocol.

Diffie-Hellman key agreement.

The Diffie-Hellman KAS is the original and best-known key agreement scheme.

Public key cryptography was first realized in this way, published in 1976.

Diffie-Hellman key agreement.

The distinction is that, as opposed to being fixed, the exponents aU and aV of users U and V, respectively, are randomly selected for each execution of the method. In this design, there are no long-lived keys.

The Diffie-Hellman KAS session ends with U and V having computed the same key.

Diffie-Hellman KAS

The desired output, for instance (α, bU, bV). is denoted by CDH (α, bU, bV).

Additionally, if the Decision Diffie-Hellman issue is unsolvable, a passive adversary cannot calculate any knowledge of K.

The Station-to-Station(STS) key Agreement Scheme

We outline a modified Diffie-Hellman KAS called an authenticated key agreement system. The technique uses certificates, as is customary, signed by TA. U will have a signature scheme for each user, with a signature method sigU and a verification algorithm verU. Additionally, the TA provides a signature method that uses the verTA public verification algorithm. U has certificates for each user.

The Station-to-Station(STS) key Agreement Scheme

Where ID(U) is certain identification information for U.

We don't have explicit key confirmation because the STS scheme needs to use the new session key immediately. However, we accomplish the slightly less desirable virtue of implicit key confirmation because both parties sign the transferred exponentials.

Known Session Key Attack

The security conclusion demonstrated essentially takes one STS session into account in isolation. However, in a real-world scenario including a network with numerous users, numerous STS sessions involving numerous distinct users. We need to consider the potential impact that several sessions might have on one another to create a strong case for STS's security.

As a result, we look into security under a recognized session key assault.

  • In this case, an opponent named Oscar observes a number of sessions of a key agreement system called S1, S2,... St.
  • Oscar may participate in some of these sessions together with other network users. 
  • We'll assume, out of convenience, that the same group and generator are used during all sessions.
  • We will assume for convenience that all sessions use the same group and the same generator α.

Oscar is permitted to ask for the session keys for sessions S1, S2,..., and St to be revealed as part of the attack model. For some other target session, say S, where Oscar is not a participant, Oscar's objective is to ascertain a session key (or information about a session key). 

Furthermore, it is not necessary for session S to begin after sessions S1, S2,..., and St have ended.

We specifically permit parallel session attacks (which are comparable to those taken into account in the area of identifying techniques).

Against session key attacks that are known to the STS Key Agreement Scheme. Let's say Oscar first watches a session S between users U and V. Except for signatures and certificates, the two values bs,u, and bs,v are communicated during this session. (We include the session name, S, as a subscript to indicate that these values are related to a certain session.) 

Oscar wants to be able to determine at the end a few details regarding the key KS's value as calculated by U and V during session S. Be aware that calculating the key KS is equivalent to resolving the Computational Diffie-Hellman problem, for instance (α,  bs,u, bs,v), or KS = CDH(α,  bs,u, bs,v).

Oscar is free to participate in future sessions to learn more about KS after he obtains the pair (bs,u, bs,v)

However, we only permit Oscar to ask a user in a session S’ who accepts the key for that session. Since STS is a secure identification mechanism, Oscar cannot be active in a session and then request a session key from a user who does not accept it.

Also read - active and passive attacks

Main Goal of Key Agreement

Following a transaction:

  • Two parties share a key K
  • No one else is aware of the worth of K.
  • Privacy

Occasionally wanting more Mutual recognition

No honest participant in a scheme session will accept following any interaction in which an adversary is active.

Attackers Model

Possibly a user of the system:

  • Internal vs external attacker

Either active or passive:

  • Messages can be changed in route (including being intercepted)
  • Saved for later use
  • Tried to be used by another user.

Frequently Asked Questions

What is a key agreement scheme?

A key-agreement protocol in cryptography allows two or more parties to agree on a key so that both parties can influence the result.

What are the types of key agreement protocols?

Key agreement protocols frequently used include Diffie-Hellman and those built on RSA or ECC.

Is RSA a key agreement protocol?

Public-key cryptography, such as RSA, is a technique for securing communication between many parties.

What is the difference between a protocol and an Agreement?

Protocol refers to less formal agreements than "treaty" or "convention.".

Is TLS using AES?

It is frequently regarded as the industry standard for symmetric-key encryption, and many security-conscious firms mandate that all internal communications be conducted with AES-256. It plays a significant role in TLS as well.


This blog has extensively discussed MTI Key Agreement Schemes. This article helped enhance your knowledge about TLS, the Diffie-Hellman key Agreement, the Main Goal of the Key Agreement, and the attacker's model.

If you want to learn more deeply, check out the excellent content on the Coding Ninjas Website:

Security of STS in Cryptography , Known Session Key Attacks on MTI/A0, STS Download.

Refer to our guided paths on the Coding Ninjas Studio platform to learn more about DSA, DBMS, Competitive Programming, Python, Java, JavaScript, etc. 

Refer to the links problemstop 100 SQL problemsresources, and mock tests to enhance your knowledge.

For placement preparations, visit interview experiences and interview bundle.

Thank You

Do upvote our blog to help other ninjas grow. Happy Coding!

Previous article
Key Derivation Functions
Next article
Known Session Key Attacks on MTI/A0
Live masterclass