As defined by , an unknown key-share (UKS) attack on an authenticated

key agreement In cryptography, a key-agreement protocol is a protocol whereby two (or more) parties generate a cryptographic Key (cryptography), key as a function of information provided by each honest party so that no party can predetermine the resulting value ...

(AK) or authenticated key agreement with key confirmation (AKC) protocol is an attack whereby an entity

A

ends up believing she shares a key with

B

, and although this is in fact the case,

B

mistakenly believes the key is instead shared with an entity

E \neq A

. In other words, in a UKS, an opponent, say Eve, coerces honest parties Alice and Bob into establishing a secret key where at least one of Alice and Bob does not know that the secret key is shared with the other. For example, Eve may coerce Bob into believing he shares the key with Eve, while he actually shares the key with Alice. The “key share” with Alice is thus unknown to Bob.

References

*{{ Citation , last1 = Blake-Wilson , first1 = S. , last2 = Menezes , first2 = A. , contribution = Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol , url = http://cacr.uwaterloo.ca/techreports/1998/corr98-42.pdf , title = Public Key Cryptography , series = Lecture Notes in Computer Science , volume = 1560 , pages = 154–170 , year = 1999 , publisher = Springer Cryptography