0 Round-Trip Time (0-RTT)
In 0-RTT KE two keys are generated, typically using a Diffie-Hellman key exchange.
The first key is a combination of an ephemeral client share and a long-lived server share.
The second key is computed using an ephemeral server share and the same ephemeral client share.
Google QUIC protocol 如下图所示:
[ACNS 2017] Simple Security Definitions for and Constructions of 0-RTT Key Exchange