In this paper we propose a number of KEM-based protocols for establishing a shared secret between two parties, and study their resistance over unauthenticated channels. This means analyzing both the security of the protocol itself and its robustness against Man-in-the-Middle attacks. We do this by constructing a variation of known unauthenticated models that applies the techniques used to construct the protocols, and we formalize their security under this model. We compare them with their KEX-based counterparts to highlight the differences that arise naturally from the nature of KEM constructions, both in the protocol itself and in the types of attacks to which it is subject. We provide practical go-to KEM-based protocol instances to migrate to, chosen according to the conditions of the KEX-based protocols currently in use.