In this paper we propose a number of KEM-based protocols to establish a shared secret between two parties, and study their resistance over unauthenticated channels. This means analyzing the security of the protocol itself, and its robustness against Man-in-the-Middle attacks. We compare them with their KEX-based counterparts to highlight the differences that arise naturally, due to the nature of KEM constructions, both in the protocol itself and in the types of attacks to which it is subject. We provide practical go-to KEM-based protocol instances to migrate to, based on the conditions under which currently-in-use KEX-based protocols operate.