To define security of key agreement, we would like to require that the transcript leaks no (useful) information to the eavesdropper about the key. In one library the adversary obtains the key that res...To define security of key agreement, we would like to require that the transcript leaks no (useful) information to the eavesdropper about the key. In one library the adversary obtains the key that resulted from the protocol execution, while in the other library the adversary obtains a totally unrelated key (chosen uniformly from the set \(\Sigma\). \(K\) of possible keys).
