Password-authenticated key agreements require that you set a password separately (which may be smaller than a key) in a way that is both private and secure. These are designed to resist man-in-the-middle and other active attacks on the password and established keys. For example, DH-EKE, SPEKE, and SRP are password-authenticated variants of Diffie-Hellman. The Group Key Agreement (GKA) is an extension of the bipartite key agreement to groups of n ? 2 parties: it allows a group composed of several parties to create a shared session key or a conference key on an unprotected network. However, this does not help to solve the problem because the reliability of the CA itself is still not guaranteed for a particular person. This is a form of argument by mistake of authority. Two four-part Password Authentication Key Exchange (PAKE) protocols [YEH 05]: one is the four-part Key Transfer Authentication Protocol (KTAP) and the other is KaAP (Key Agreement Authentication Protocol). However, there is a downside to this protocol as it could be a vulnerable point of attack while it cannot support lawful interception. A variety of cryptographic authentication schemes and protocols are designed to provide authenticated key agreements to prevent man-in-the-middle attacks and related attacks.

.