Authenticated Key Exchange with MQV
The Diffie-Hellman method saved the Internet, but it also caused a problem: Eve-in-the-Middle, where Eve can intercept the key exchange process and spy on the communications. We thus need a method to verify the remote sites we connect to. With TLS, the server digitally signs data with its private key, and the client then verifies this with the associated public key. But can we authenticate either side within the key exchange process itself? Well, we can, with authenticated key exchange (AKE).
One method is MQV (Menezes–Qu–Vanstone), which was created by Alfred Menezes, Minghua Qu and Scott Vanstone [1] in 1995. It was integrated into the IEEE P1363 standard and uses points on an elliptic curve to generate a shared key. Overall, Bob and Alice each hold a long-term key pair, and these are then used to generate a shared session key. The long-term keys are static keys, and the session keys are ephemeral keys.
MQV [1] is an authenticated key exchange method. Alice holds a key pair (A,a), where a is Alice's private key and A=aG is her public key. Bob has a public key of B=bG and a private key of b, where G is the base point on the elliptic curve.
We initially define a function of: