diff --git a/storage/session.go b/storage/session.go
index 374750db8e5ff31de7ede8c226cbfb0562dc8cbd..daf1d8eff0845f82e7b3f053e1234293929100be 100644
--- a/storage/session.go
+++ b/storage/session.go
@@ -10,6 +10,8 @@
 package storage
 
 import (
+	"gitlab.com/elixxir/crypto/diffieHellman"
+	"math/rand"
 	"sync"
 	"testing"
 	"time"
@@ -230,7 +232,14 @@ func InitTestingSession(i interface{}) Session {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	s := &session{kv: kv}
 	uid := id.NewIdFromString("zezima", id.User, i)
-	u, err := user.NewUser(kv, uid, uid, []byte("salt"), []byte("salt"), privKey, privKey, false, nil, nil)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := user.NewUser(kv, uid, uid, []byte("salt"), []byte("salt"), privKey, privKey, false, dhPrivKey, dhPubKey)
 	if err != nil {
 		jww.FATAL.Panicf("InitTestingSession failed to create dummy user: %+v", err)
 	}
diff --git a/storage/user/cryptographic_test.go b/storage/user/cryptographic_test.go
index 1096ccf683e288ae99577bc14989ab3fd71af599..0b9f92d9525600ad66c7746dbda12fa06fc6a318 100644
--- a/storage/user/cryptographic_test.go
+++ b/storage/user/cryptographic_test.go
@@ -11,7 +11,10 @@ import (
 	"bytes"
 	"crypto/rand"
 	"gitlab.com/elixxir/client/storage/versioned"
+	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/diffieHellman"
 	"gitlab.com/elixxir/ekv"
+	"gitlab.com/xx_network/crypto/large"
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"testing"
@@ -22,11 +25,19 @@ func TestNewCryptographicIdentity(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	salt := []byte("salt")
-	_ = newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
 
-	_, err := kv.Get(cryptographicIdentityKey, 0)
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	_ = newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+
+	_, err := kv.Get(cryptographicIdentityKey, currentCryptographicIdentityVersion)
 	if err != nil {
-		t.Errorf("Did not store cryptographic identity")
+		t.Errorf("Did not store cryptographic identity: %+v", err)
 	}
 }
 
@@ -35,7 +46,15 @@ func TestLoadCryptographicIdentity(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 
 	err := ci.save(kv)
 	if err != nil {
@@ -64,7 +83,15 @@ func TestCryptographicIdentity_GetReceptionRSA(t *testing.T) {
 		t.Errorf("Failed to generate pk2")
 	}
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(uid, uid, salt, salt, pk1, pk2, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(
+		uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv)
 	if ci.GetReceptionRSA().D != pk2.D {
 		t.Errorf("Did not receive expected RSA key.  Expected: %+v, Received: %+v", pk2, ci.GetReceptionRSA())
 	}
@@ -83,7 +110,15 @@ func TestCryptographicIdentity_GetTransmissionRSA(t *testing.T) {
 		t.Errorf("Failed to generate pk2")
 	}
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(uid, uid, salt, salt, pk1, pk2, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(
+		uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv)
 	if ci.GetTransmissionRSA().D != pk1.D {
 		t.Errorf("Did not receive expected RSA key.  Expected: %+v, Received: %+v", pk1, ci.GetTransmissionRSA())
 	}
@@ -95,7 +130,15 @@ func TestCryptographicIdentity_GetTransmissionSalt(t *testing.T) {
 	uid := id.NewIdFromString("zezima", id.User, t)
 	ts := []byte("transmission salt")
 	rs := []byte("reception salt")
-	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 	if bytes.Compare(ci.GetTransmissionSalt(), ts) != 0 {
 		t.Errorf("Did not get expected salt.  Expected: %+v, Received: %+v", ts, ci.GetTransmissionSalt())
 	}
@@ -107,7 +150,15 @@ func TestCryptographicIdentity_GetReceptionSalt(t *testing.T) {
 	uid := id.NewIdFromString("zezima", id.User, t)
 	ts := []byte("transmission salt")
 	rs := []byte("reception salt")
-	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 	if bytes.Compare(ci.GetReceptionSalt(), rs) != 0 {
 		t.Errorf("Did not get expected salt.  Expected: %+v, Received: %+v", rs, ci.GetReceptionSalt())
 	}
@@ -119,7 +170,14 @@ func TestCryptographicIdentity_GetTransmissionID(t *testing.T) {
 	rid := id.NewIdFromString("zezima", id.User, t)
 	tid := id.NewIdFromString("jakexx360", id.User, t)
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 	if !ci.GetTransmissionID().Cmp(tid) {
 		t.Errorf("Did not receive expected user ID.  Expected: %+v, Received: %+v", tid, ci.GetTransmissionID())
 	}
@@ -131,7 +189,14 @@ func TestCryptographicIdentity_GetReceptionID(t *testing.T) {
 	rid := id.NewIdFromString("zezima", id.User, t)
 	tid := id.NewIdFromString("jakexx360", id.User, t)
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 	if !ci.GetReceptionID().Cmp(rid) {
 		t.Errorf("Did not receive expected user ID.  Expected: %+v, Received: %+v", rid, ci.GetReceptionID())
 	}
@@ -142,7 +207,14 @@ func TestCryptographicIdentity_IsPrecanned(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, true, kv)
+
+	prng := rand.Reader
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, true, dhPrivKey, dhPubKey, kv)
 	if !ci.IsPrecanned() {
 		t.Error("I really don't know how this could happen")
 	}
diff --git a/storage/user/registation_test.go b/storage/user/registation_test.go
index cec369ea41ca74c63ea972e3455a4b577ebcd464..346e662758223a755e13c5e19186002ae6b9ec6f 100644
--- a/storage/user/registation_test.go
+++ b/storage/user/registation_test.go
@@ -11,10 +11,14 @@ import (
 	"bytes"
 	"encoding/binary"
 	"gitlab.com/elixxir/client/storage/versioned"
+	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/diffieHellman"
 	"gitlab.com/elixxir/ekv"
+	"gitlab.com/xx_network/crypto/large"
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
+	"math/rand"
 	"testing"
 	"time"
 )
@@ -24,7 +28,15 @@ func TestUser_GetRegistrationValidationSignature(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -59,7 +71,15 @@ func TestUser_SetRegistrationValidationSignature(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -102,7 +122,15 @@ func TestUser_loadRegistrationValidationSignature(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -145,7 +173,15 @@ func TestUser_GetRegistrationTimestamp(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -194,7 +230,15 @@ func TestUser_loadRegistrationTimestamp(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
diff --git a/storage/user/user_test.go b/storage/user/user_test.go
index 01a93088c1e54c7d2b6d03a6d5a6a1cb0cfb8803..9198e48f607e3c25d79d74242f7607819a83efd1 100644
--- a/storage/user/user_test.go
+++ b/storage/user/user_test.go
@@ -9,9 +9,13 @@ package user
 
 import (
 	"gitlab.com/elixxir/client/storage/versioned"
+	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/diffieHellman"
 	"gitlab.com/elixxir/ekv"
+	"gitlab.com/xx_network/crypto/large"
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
+	"math/rand"
 	"testing"
 )
 
@@ -26,7 +30,15 @@ func TestLoadUser(t *testing.T) {
 
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, kv)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
 	err = ci.save(kv)
 	if err != nil {
 		t.Errorf("Failed to save ci to kv: %+v", err)
@@ -43,7 +55,15 @@ func TestNewUser(t *testing.T) {
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
diff --git a/storage/user/username_test.go b/storage/user/username_test.go
index f4a851145b8296bdab49b07bb6996d51344dc2ae..a52b20ac003d692c38ba632299354bb8ce698faf 100644
--- a/storage/user/username_test.go
+++ b/storage/user/username_test.go
@@ -9,10 +9,14 @@ package user
 
 import (
 	"gitlab.com/elixxir/client/storage/versioned"
+	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/diffieHellman"
 	"gitlab.com/elixxir/ekv"
+	"gitlab.com/xx_network/crypto/large"
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
+	"math/rand"
 	"testing"
 )
 
@@ -23,7 +27,15 @@ func TestUser_SetUsername(t *testing.T) {
 	rid := id.NewIdFromString("recv", id.User, t)
 	tsalt := []byte("tsalt")
 	rsalt := []byte("rsalt")
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -57,7 +69,15 @@ func TestUser_GetUsername(t *testing.T) {
 	rid := id.NewIdFromString("recv", id.User, t)
 	tsalt := []byte("tsalt")
 	rsalt := []byte("rsalt")
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -85,7 +105,15 @@ func TestUser_loadUsername(t *testing.T) {
 	rid := id.NewIdFromString("recv", id.User, t)
 	tsalt := []byte("tsalt")
 	rsalt := []byte("rsalt")
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false)
+
+	prng := rand.New(rand.NewSource(42))
+	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
+	dhPrivKey := diffieHellman.GeneratePrivateKey(
+		diffieHellman.DefaultPrivateKeyLength, grp, prng)
+	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
+		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}