A secure key agreement can ensure confidentiality and data integrity[3] in communications systems, ranging from simple messaging applications to complex banking transactions.
A protocol can be evaluated for success only in the context of its goals and attack model.
The first publicly known[6] public-key agreement protocol that meets the above criteria was the Diffie–Hellman key exchange, in which two parties jointly exponentiate a generator with random numbers, in such a way that an eavesdropper cannot feasibly determine what the resultant shared key is.
SKA contrasts with key-agreement protocols that include techniques from asymmetric cryptography, such as key encapsulation mechanisms.
SKA is concerned with protocols in which the session key is established using only symmetric primitives.
Anonymous key exchange, like Diffie–Hellman, does not provide authentication of the parties, and is thus vulnerable to man-in-the-middle attacks.
However, these systems require care in endorsing the match between identity information and public keys by certificate authorities in order to work properly.
Most practical applications of cryptography use a combination of cryptographic functions to implement an overall system that provides all of the four desirable features of secure communications (confidentiality, integrity, authentication, and non-repudiation).
These are designed to resist man-in-the-middle and other active attacks on the password and the established keys.
In an attempt to avoid using any additional out-of-band authentication factors, Davies and Price proposed the use of the interlock protocol of Ron Rivest and Adi Shamir, which has been subject to both attack and subsequent refinement.