Hub-based token generation and endpoint selection for secure channel establishment
US-2022038283-A1 · Feb 3, 2022 · US
US12580746B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12580746-B2 |
| Application number | US-202318840223-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 20, 2023 |
| Priority date | Feb 22, 2022 |
| Publication date | Mar 17, 2026 |
| Grant date | Mar 17, 2026 |
Official abstract text for this publication.
A method for securely negotiating symmetrical keys between at least two participants of a communication. The participants are equipped in pairs with a common secret, either directly or indirectly via a further participant that shares a common secret with each of the two other participants. The participants are likewise equipped in pairs with at least one common key derivation function, or can be so equipped indirectly via the further participant. If a symmetrical key, or the renewal of a symmetrical key, is needed, it is derived from the common secret and one of the key derivation functions according to a derivation rule. The derivation rule includes at least the key derivation function to be used and at least one parameter for that function, and is communicated to one participant by the other.
Claims.
The invention claimed is:

1. A method for securely negotiating symmetrical keys between at least two participants of a communication, the method comprising: equipping the at least two participants in pairs with a common secret, wherein the at least two participants are directly equipped in pairs with the common secret or the at least two participants are indirectly equipped with the common secret via a further participant that shares the common secret with the at least two participants; determining that a new symmetrical key or a renewed symmetrical key is required; and deriving, responsive to the determination that the new symmetrical key or the renewed symmetrical key is required, the new symmetrical key or the renewed symmetrical key based on the common secret and one of a plurality of key derivation functions according to a derivation rule, wherein the derivation rule comprises at least one of the plurality of key derivation functions, an input and output selection function respectively defining a number of incoming and outgoing bits, and at least one parameter for the at least one of the plurality of key derivation functions, wherein the at least one of the plurality of key derivation functions is a key derivation function used to derive the new or renewed symmetrical key, wherein the key base of the at least one of the plurality of key derivation functions is determined using the input selection function, which selects certain bits of the common secret and leaves the selected bits in an existing order or changes the existing order of the selected bits, and a result of the input selection function is used as the key base of the at least one of the plurality of key derivation functions, wherein the at least two participants are control devices each having a secure hardware security module, and wherein the derivation rule is transmitted from a first one of the at least two participants to a second one of the at least two participants.
2. The method of claim 1, wherein the at least one of the plurality of key derivation functions uses a key base, a salt, and an output length as the at least one parameter, the key base is a secret known to the at least two participants or can be derived from a secret known to the at least two participants, the salt is a random or pseudo-random bit string of a predetermined length, and the output length is a natural number specifying a length of an output of the at least one of the plurality of key derivation functions.
3. The method of claim 2, wherein the derivation rule further comprises the salt and the output length.
4. The method of claim 3, wherein the new or renewed symmetrical key is generated by the derivation rule based on the output selection function selecting certain bits from an output of the key derivation function of the output length and arranging the selected certain bits in a selected order or in a new order.
5. The method of claim 3, wherein the input or output selection function operates as a rearranging selection function as defined by a sequence of bit positions.
6. The method of claim 3, wherein the input or output selection function is an order-preserving selection function as defined by a sequence of bit spacings or by bit spacings and corresponding bit quantities.
7. The method of claim 3, wherein the input or output selection function is an order-preserving selection function defined by a bit string, wherein bits of the bit string define inclusion or non-inclusion of corresponding bits in the output of the selection function.
8. The method of claim 3, wherein the derivation rule is transmitted to the second one of the at least two participants without at least one of the input and output selection functions, wherein, instead of transferring at least one of the selection functions, a reference to a commonly known input or output selection function is transferred.
9. The method of claim 3, wherein different regions of the common secret are used by different input selection functions.
10. The method of claim 9, wherein corresponding input selection functions are chosen for several derivation rules in such a way that selection of individual bit positions of the common secret is evenly distributed by the input selection functions, or, for two random different input selection functions, a number of bit positions of the common secret selected by the two input selection functions is evenly distributed.
11. The method of claim 9, wherein the bit positions of the common secret selected by a respective input selection function are set by a random or pseudo-random number generator, wherein bit positions are selected from an entirety of the common secret or from a predetermined region of the common secret.
12. The method of claim 1, wherein transferred data is symmetrically authenticated by the key defined by the derivation rule.
13. The method of claim 12, wherein the derivation rule is part of the data authenticated by the key defined by the derivation rule.
14. The method of claim 1, wherein the derivation rule is transferred as an unencrypted part of a message encrypted with the key defined by the derivation rule.
15. The method of claim 1, wherein one of the at least two participants or the further participant is a central confidential authority.
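As an added illustration (not the patent's own code), the following Python sketch implements one derivation rule of the kind claims 1 to 5, 12 and 13 describe: a rearranging input selection function over a shared secret, a key derivation with salt and output length, an order-preserving output selection function, and a MAC under the derived key that covers the transmitted rule itself. The secret, bit positions and salt are constructed demo values, and HKDF-SHA256 is assumed as the common key derivation function.

```python
import hmac, hashlib, json
from typing import Sequence

# Constructed demo values (not from the patent): a 256-bit secret both control
# devices already share, and the derivation rule participant A sends to B.
COMMON_SECRET = bytes(range(32))
RULE = {
    "kdf": "hkdf-sha256",                 # which of the common KDFs to use
    "in_sel": list(range(255, 127, -1)),  # rearranging input selection: 128 bits, reversed
    "salt": "00112233445566778899aabbccddeeff",
    "out_len": 32,                        # KDF output length in bytes
    "out_sel": list(range(0, 256, 2)),    # order-preserving output selection: every 2nd bit
}

def select_bits(data: bytes, positions: Sequence[int]) -> bytes:
    """Selection function: take the listed bit positions (MSB-first numbering) in the
    listed order and pack them into bytes, zero-padding the final byte."""
    bits = [(data[p // 8] >> (7 - p % 8)) & 1 for p in positions]
    out = bytearray((len(bits) + 7) // 8)
    for i, b in enumerate(bits):
        out[i // 8] |= b << (7 - i % 8)
    return bytes(out)

def hkdf_sha256(key_base: bytes, salt: bytes, out_len: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand over HMAC-SHA256 with empty info."""
    prk = hmac.new(salt, key_base, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (out_len + 31) // 32 + 1):
        block = hmac.new(prk, block + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:out_len]

KDFS = {"hkdf-sha256": hkdf_sha256}   # the KDFs both participants were equipped with

def derive_key(secret: bytes, rule: dict) -> bytes:
    """Input selection -> KDF(key_base, salt, out_len) -> output selection."""
    key_base = select_bits(secret, rule["in_sel"])
    okm = KDFS[rule["kdf"]](key_base, bytes.fromhex(rule["salt"]), rule["out_len"])
    return select_bits(okm, rule["out_sel"])

def tag(rule: dict, payload: bytes, key: bytes) -> bytes:
    """The rule travels in clear but is covered by the MAC under the derived key."""
    return hmac.new(key, json.dumps(rule, sort_keys=True).encode() + payload, hashlib.sha256).digest()

def send(secret: bytes, rule: dict, payload: bytes):
    """Participant A: derive the key, then authenticate rule + payload with it."""
    return rule, payload, tag(rule, payload, derive_key(secret, rule))

def receive(secret: bytes, rule: dict, payload: bytes, mac: bytes):
    """Participant B: re-derive from its own copy of the secret; reject on MAC failure."""
    key = derive_key(secret, rule)
    return key if hmac.compare_digest(mac, tag(rule, payload, key)) else None
```

A receiver that does not hold the same secret, or that is handed a modified rule, gets None rather than a key.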
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title
involving random numbers or seeds · CPC title
Vehicles · CPC title
using a plurality of keys or algorithms · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title