Two-pass Diffie-Hellman — MTI/A0, MTI/B0 and MTI/C0
The Diffie-Hellman key exchange method is one of the great wonders of cybersecurity. It is simple, but it works so well. But, in its basic form it is weak from a security point-of-view, as Eve can perform an Eve-in-the-middle attack, as Alice does not authenticate the value received from Bob, and vice-versa. One way to overcome this is MTI/AO key agreement, and where Bob and Alice perform a trusted key exchange for a one-time setup. This passes z_a and z_b, and then each session passes public keys of a_pub and b_pub. An outline is:
The first phase is a one-time setup, and where Alice and Bob agree on a generator value (g) and a prime number (p). Next Alice generates a private key of a and Bob generates a private key of b. Alice then passes her public key of:
Bob passes his public key of:
When Bob and Alice want to generate a new key, Alice generates a random value x and Bob generates a random value y . Alice sends a public key value to Bob of:
Bob sends a public key value to Alice of:
Alice then generates a shared key of: