Key exchange

In principle, the only remaining problem was to be sure (or at least confident) that a public key actually belonged to its supposed owner.

Because it is possible to 'spoof' another's identity in any of several ways, this is not a trivial or easily solved problem, particularly when the two users involved have never met and know nothing about each other.

The protocol enables users to securely exchange secret keys even if an opponent is monitoring that communication channel.

The D–H key exchange protocol, however, does not by itself address authentication (i.e. the problem of being sure of the actual identity of the person or 'entity' at the other end of the communication channel).

Authentication is crucial when an opponent can both monitor and alter messages within the communication channel (AKA man-in-the-middle or MITM attacks) and was addressed in the fourth section of the paper.

[2] Public key infrastructures (PKIs) have been proposed as a workaround for the problem of identity authentication.

[3][4][5] For those new to such things, these arrangements are best thought of as electronic notary endorsements that “this public key belongs to this user”.

[6][7] At the other end of the conceptual range is the web of trust system, which avoids central Certificate Authorities entirely.

PGP and GPG (an implementation of the OpenPGP Internet Standard) employ just such a web of trust mechanism.

Beside the correctness and completeness of quantum mechanics, the protocol assumes the availability of an authenticated channel between Alice and Bob.

In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other's public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a symmetric cipher .