InterviewStack.io LogoInterviewStack.io

Key Establishment and Agreement Questions

Deep understanding of key exchange mechanisms including Diffie-Hellman, ECDH, and modern constructions using KDFs (HKDF). Understanding of parameter negotiation, protection against downgrade attacks, forward secrecy properties. Knowledge of key confirmation mechanisms and post-handshake key updates. Awareness of post-quantum key exchange candidates and transition strategies.

HardTechnical
100 practiced
Compare formal security models used for key exchange: the CK model, the eCK model, and the Universal Composability (UC) framework. Explain which adversary capabilities each model captures (for example ephemeral key reveal, state reveal) and which security properties like PFS and key-compromise impersonation are expressible in each.
HardTechnical
97 practiced
Given a client advertises supported groups [X25519, secp256r1] and a server responds selecting a group, describe a concrete man-in-the-middle downgrade attack that coerces connections to secp256r1 (assume secp256r1 implementation is known to have an exploitable bug). Explain how the attacker manipulates messages and how to detect and mitigate such attacks in protocol design and implementation.
HardTechnical
77 practiced
Design a hybrid key-exchange composition that combines an IND-CCA secure post-quantum KEM and ECDH so that the final session key remains secure if at least one component remains secure. Provide a formal composition strategy (how to mix secrets with HKDF or PRF) and explain why naive concatenation or XOR can be unsafe.
MediumSystem Design
83 practiced
For a high-throughput TLS server handling millions of short-lived connections daily, compare three server-side strategies: ephemeral-only ECDHE per connection, server-static ECDH (server static key), and ephemeral ECDHE with the server signing the ephemeral key. Analyze CPU cost, PFS guarantees, certificate and signing load, and session-resumption impacts. Recommend a pragmatic approach.
EasyTechnical
82 practiced
In a long-lived connection such as a TLS session, what are post-handshake key updates? Why are they used, and what safety properties must a protocol preserve when performing post-handshake rekey (for example ordering guarantees, rollback prevention, and rate-limiting)?

Unlock Full Question Bank

Get access to hundreds of Key Establishment and Agreement interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.