Key Establishment: This is the broader umbrella term that encompasses any protocol by which parties establish a shared secret key. It includes both key agreement and key transport as subcategories. Key establishment is the general goal, while key agreement and key transport are the two main approaches to achieving it.
Key Agreement: A protocol where two or more parties jointly contribute to the establishment of a shared secret key, with all parties having equal influence over the key’s value. Crucially, no single party can predetermine the key value. The most common example is Diffie-Hellman key exchange (also known as Non-Interactive Key Exchange or NIKE for short), where both parties contribute public values, and the resulting shared secret depends on contributions from both sides. Key agreement is typically achieved through asymmetric cryptography.
Key Transport: A protocol where one party generates or already possesses a key and securely transmits it to the other party (or parties). Unlike key agreement, only one party determines the key value. A typical example is encrypting a symmetric session key with the recipient’s public key (as in RSA key transport). The key originator has complete control over the key value. Notably, Key Encapsulation Mechanisms (such as ML-KEM) are key transport schemes, but today they are simply called KEMs rather than being referred to as key transport.
Agreement vs Transport: The key distinction is about who controls the key value: in key agreement, all parties contribute; in key transport, one party chooses and sends; and key establishment is simply the umbrella term for accomplishing either of these goals.
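The control distinction above can be seen side by side in a short added example (not wolfSSL code and not from the original post). It assumes toy parameters chosen only so it runs with the Python standard library: a small Diffie-Hellman group, unpadded RSA built from Mersenne primes, and hypothetical helper names such as `dh_agree` and `transport_send`.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions for illustration, NOT secure):
# Mersenne primes are trivially recognisable and this RSA has no padding.
P, G = 2**127 - 1, 3                      # toy Diffie-Hellman group
RSA_P, RSA_Q, RSA_E = 2**127 - 1, 2**521 - 1, 65537

def kdf(shared: int) -> bytes:
    """Hash the raw DH value into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2   # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def dh_agree(my_priv: int, peer_pub: int) -> bytes:
    """Key agreement: the key depends on BOTH parties' contributions."""
    return kdf(pow(peer_pub, my_priv, P))

def rsa_keypair():
    n = RSA_P * RSA_Q
    d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
    return (n, RSA_E), (n, d)

def transport_send(recipient_pub, session_key: bytes) -> int:
    """Key transport: the sender alone picks session_key and wraps it."""
    n, e = recipient_pub
    return pow(int.from_bytes(session_key, "big"), e, n)

def transport_receive(recipient_priv, wrapped: int) -> bytes:
    n, d = recipient_priv
    return pow(wrapped, d, n).to_bytes(32, "big")

def demo() -> dict:
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    pub, priv = rsa_keypair()
    chosen = b"\x42" * 32                 # sender can fix any value it likes
    return {
        "agreement_keys_match": dh_agree(a_priv, b_pub) == dh_agree(b_priv, a_pub),
        "transport_key_is_senders": transport_receive(priv, transport_send(pub, chosen)) == chosen,
    }

if __name__ == "__main__":
    print(demo())
```

In the agreement half, replacing either party's key pair changes the derived key; in the transport half, the recipient recovers exactly the bytes the sender chose, whatever they are.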
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

