**The symmetric cipher uses a secret key to encrypt and decrypt data. Which of the following has the least overhead in negotiating a shared key between two communication parties? (Wentz QOTD)**

A. Web of trust

B. Diffie-Hellman

C. Trusted couriers

D. Public key infrastructure

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is B. Diffie-Hellman.

Key distribution is the process of sending cryptographic keys from one party to another. Both symmetric and asymmetric cryptography are facing key distribution challenges. This question asks about shared key distribution in symmetric cryptography.

- The recipient’s public key in a
**certificate**managed by the web of trust or the X.509 public key infrastructure (PKI) is typically used to encrypt the pre-determined, instead of negotiated or agreed-upon shared key. Certificate and infrastructure management is the primary overhead. - Diffie-Hellman is a public key-based protocol that supports the
**key agreement**(shared keys are generated and agreed) without the**overhead**of certificate management.

## The Distribution of Secret Keys

A secret key can either be pre-determined by one party and sent to the other party or negotiated and agreed upon between both parties. The author calls the former pre-determined approach as “**key exchange**,” while the latter agreed-upon approach as “**key agreement**.” However, it’s not uncommon for people to refer to “key exchange” as an umbrella term covering both approaches.

**Key exchange**: One party**generates**the key and sends it to the other party; The other party does not influence the key. e.g.,**Public Key Encryption**.**Key agreement**: Both of the two parties can agree on a key in such a way that both influence the outcome. e.g.,**Diffie-Hellman**.

## The Distribution of Public Keys

The distribution of public keys used in asymmetric cryptography can be achieved by the following general schemes:

- Public announcement (web of trust)
- Publicly available
**directory** - Public-key
**authority** - Public-key
**certificates**(chain of trust)

## Diffie-Hellman Protocol

# Reference

- NIST Cryptographic Standards and Guidelines
- Diffie Hellman groups (IBM)
- Distribution of Public Keys
- Diffie-Hellman Protocol
- Diffie-Hellman (brilliant)
- Algebraic generalization of Diffie–Hellman key exchange
- Diffie Hellman -the Mathematics bit- Computerphile
- The Mathematics of Diffie-Hellman Key Exchange | Infinite Series
- This Video was Not Encrypted with RSA | Infinite Series
- How to Break Cryptography | Infinite Series
- Do you require a special type of certificate for using Diffie Hellman as the key exchange protocol in SSL?

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, *The Effective CISSP: Security and Risk Management*, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

**對稱式加密器(cipher)使用密鑰來加密和解密數據。在協商兩個通信方之間的共享密鑰時，以下哪項額外負擔最小？ (Wentz QOTD)**

A. Web of trust

B. Diffie-Hellman

C. Trusted couriers

D. Public key infrastructure

Pingback: 密鑰協商-Diffie-Hellman – Choson資安大小事