learn.equalit.ie - User contributions [en]

Np1sec/Specification

2014-10-21T18:25:20Z

Arlolra:

== Procedures ==

=== Chat setup ===

====Chatroom setup====

{{algorithm-begin|name=Chatroom Init}}
Input: <math>newRoomName</math>,<math>participantNick</math>
'''global''' <math>myId := 1</math>
'''global''' <math>Nick_{myId} := participantNick</math>
'''global''' <math>roomName := newRoomName</math>
'''global''' <math>x_{myId}, y_{myId} :=</math> '''Generate Initial Paramters'''(<math>myId</math>)
'''global''' <math>signatureKey_{myId} := (x_{myId},y_{myId})</math>
<math>participantList := [Nick_{myId}]</math>
<math>ephemeralPublicPointList := [y_{myId}, y_{other}]</math>
{{algorithm-end}}

=== Joining ===

====Join====

{{algorithm-begin|name=Join}}
Input: <math>newRoomName</math>, <math>Nickname_{myId}</math>, <math>participantId</math>
'''global''' <math>myId := participantId</math>
'''global''' <math>roomName := newRoomName</math>
<math>x_{myId}, y_{myId} := </math>'''Generate Initial Paramters'''(<math>myId</math>)
'''global''' <math>signatureKey_{myId} := (x_{myId},y_{myId})</math>
'''Broadcast'''(":3mpCAT:3Join:3", <math>myId</math>, <math>Nickname_{myId}</math>, <math>y_{myId}</math>)
'''global''' <math>participantList, ephemeralPublicPointList :=</math> '''Receive'''()
'''global''' <math>sessionId := </math> '''Compute Session Id'''(<math>roomName</math>, <math>participantList</math>, <math>ephemeralPublicPointList</math>)
'''Sign and Send Key Confirmation and Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyConfirmationShare:3")
'''global''' <math>keyShareList, keyConfirmationList, signatureList :=</math> '''Receive'''()
'''Verify Key Confirmations and Signatures'''(<math>keyConfirmationList</math>, <math>signatureList</math>)
'''Update Session Key'''()
{{algorithm-end}}

{{algorithm-begin|name=Receive Session Digest}}
Input: <math>currentSessionHistoryDigest</math>
'''global''' <math>sessionDigest := currentSessionHistoryDigest</math>
{{algorithm-end}}

====Protocol for other participants already in the chat to accept the newcomer====


{{algorithm-begin|name=Accept}}
Input: <math>newParticipant</math>
'''Broadcast'''(":3mpCAT:3Join:3", <math>myId</math>, <math>Nickname_{myId}</math>, <math>y_{myId}</math>)
'''Wait On Receive'''(":3mpCAT:3Join:3")
'''global''' <math>nick_{NewParticipant}</math>, <math>ephemeralPublicPoint_{NewParticipant} := </math> '''Receive'''()
'''Update Lists'''(<math>nick_{NewParticipant}</math>, <math>ephemeralPublicPoint_{NewParticipant}</math>)
'''global''' <math>sessionId := </math> '''Compute Session Id'''(<math>roomName</math>, <math>participantList</math>, <math>ephemeralPublicPointList</math>)
'''Sign and Send Key Confirmation and Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyConfirmationShare:3")
'''global''' <math>keyShareList, keyConfirmationList, signatureList :=</math> '''Receive'''()
'''Verify Key Confirmations and Signatures'''(<math>keyConfirmationList</math>, <math>signatureList</math>)
'''Update Session Key'''()
'''Send'''(<math>sessionDigest</math>)
{{algorithm-end}}

=== Leave ===

====Farewell====

{{algorithm-begin|name=Shrink on Leave}}
Input: <math>leaverId</math>
'''remove''' <math>leaverId</math> from <math>participantIdList</math>
'''global''' <math>sessionId :=</math> '''Compute Session Id'''()
'''if''' <math>|participantList| > 1</math>''', then'''
'''Sign and Send Key Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyShare:3")
<math>keyShareList</math> := '''Receive'''()
'''Update Session Key'''(<math>keyShareList</math>)
{{algorithm-end}}

{{algorithm-begin|name=Sign and Send Key Shares}}
Input:
'''global''' <math>z_{myId -1, myId} := Hash(k_{myId,myId-1}, sessionId)</math>
'''global''' <math>z_{myId, myId+1} := Hash(k_{myId,myId+1}, sessionId)</math>
<math>keyShare_{myId} := z_{myId -1, myId} \oplus z_{myId, myId+1}</math>
<math>originAuthSignature :=</math> '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>z_{myId}</math>)
'''Broadcast'''(":3mpCAT:3KeyShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>) # we can send this encrypted but leaving person can read it, hence theoretically it is the same as sending it unencrypted.
{{algorithm-end}}

====Send====

{{algorithm-begin|name=Send}}
----

Input: <math>metaMessage</math>, <math>message</math>
<math>keyShareMessage</math> = '''NewKeyShareMessage'''(<math>metaMessage</math>)
<math>cryptMessage</math> := '''AES CTR Encrypt'''(<math>sessionKey</math>,<math>message | keyShareMessage</math>)
<math>originAuthSignature</math> := '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>cryptMetatMessage</math>)
<math>sessionDigest</math> := '''Compute Session Digest'''(<math>lastMessage</math>)
'''Broadcast'''(":3mpCAT:3", <math>sessionId</math>, <math>cryptMessage</math>, <math>sessionDigest</math>, <math>originAuthSignature</math>,":3")
{{algorithm-end}}

====Receive====

{{algorithm-begin|name=Receive}}
Input: <math>sender</math>, <math>encryptedMessage</math>, <math>originAuthSignature</math>, <math>sessionDigest</math>
<math>v := </math> '''ED25519VerifySignature'''(<math>ephemeralPublicKeyList[Sender]</math>, <math>sessionId || encryptedMessage</math>, <math>originAuthSignature</math>)
'''Assert'''(<math>v</math>) or '''return''' Reject
<math>message, keyShareMessage :=</math> '''AES CTR Decrypt'''(<math>sessionKey</math>, <math>encryptedMessage</math>){}
<math>isMetaMessage = </math>'''UpdateNewKeyStatus'''(<math>keyShareMessage</math>)
'''Verify Digests'''(<math>sessionDiges</math>)
'''return'''{<math>isMetaMessage, message</math>} # isMetaMessage is true if the message is purely meta message and there is nothing to display
{{algorithm-end}}

=== Common functions ===

====Common functions used by other procedures in different stages====

{{algorithm-begin|name=Generate Initial Paramters}}
Input: <math>myId</math>
<math>signaturePrivateKey := </math> '''RandomBits'''(256)
<math>x_{myId} :=</math> '''Ed25519 Scalar'''(<math>signaturePrivateKey</math>)) #{This is both Diffie-Hellman secret and ephemeral signature private key}
<math>y_{myId} := x_{myId}P</math>
'''return''' <math>x,y</math>
{{algorithm-end}}

{{algorithm-begin|name=Verify Key Confirmation and Signatures}}
Input: <math>signatureList</math>, <math>keyConfirmationList</math>
'''for each''' <math>participant \in participantList</math>, '''do'''
'''if''' <math>keyConfirmationList[participant][myId] \neq Hash(k_{myId,participant} , U_{myId} )</math>''', then'''
'''Halt'''()
'''else''' '''if''' '''ED25519VerifySignature'''(<math>ephemeralPublicKeyList[particicpant]</math>, <math>sessionId | keyShares[myId]</math>, <math>originAuthSignature</math>) = Fail ''', then'''
'''Halt'''()
{{algorithm-end}}

{{algorithm-begin|name=Compute Session Id}}
Input: <math>participantList</math>, <math>ephemeralPublicPointList</math>
'''return''' <math>Hash(roomName, zip(participantList, ephemeralPublicPointList))</math> # <math>zip([a,b],[c,d]):=[(a,c),(b,d)]</math>
{{algorithm-end}}

{{algorithm-begin|name=Verify Signatures}}
Input: <math>longPublicList</math>,<math>schnorrRandomPointList</math>,
# standard signature verification
{{algorithm-end}}

{{algorithm-begin|name=Sign and Send Key Confirmation and Share}}
Input: <math>schnorrRandomPointList</math>
'''for each''' <math>participant \in participantList</math>, '''do'''
<math>k_{myId, participant} := Hash(x_{myId}LP_{participant} |lp_{myId}y_{participant} | x_{myId}y_{participant})</math> # Triple DH
<math>kc_{myId} := kc_{myId} | Hash(k_{myId,participant}, U_{participant})</math>
'''global''' <math>z_{myId -1, myId} := Hash(k_{myId,myId-1}, sessionId)</math>
'''global''' <math>z_{myId, myId+1} := Hash(k_{myId,myId+1}, sessionId)</math>
<math>keyShare_{myId} := z_{myId -1, myId} \oplus z_{myId, myId+1}</math>
<math>originAuthSignature :=</math> '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>z_{myId}</math>)
'''Broadcast'''(":3mpCAT:3KeyConfirmationAndShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>, <math>kc_{myId}</math>)
{{algorithm-end}}

{{algorithm-begin|name=Update Session Key}}
Input: <math>keyShareList</math>
<math>i := myId</math>
'''for each''' <math>{j \in [i,...,i+n-1]}</math>, '''do'''
<math>z_{j,j+1} := z_{j-1,j} \oplus keyShareListe[j+1]</math>
# recovered <math>z_{i-1,i}</math> should be equal to its original value
'''global''' <math>sessionKey := Hash(z_{j,j+1} | j \in [1...n])</math>
{{algorithm-end}}

{{algorithm-begin|name=Sign Params Update Session Key}}
Input: <math>toBeSigned</math>, <math>signatureList</math>,<math>keyShareList</math>
'''Update Session Key'''()
<math>toBeSigned := Hash(sessionId, ||Hash(verifierList, ephemeralPublicPointList, keyShareList)))</math>
<math>signature_{myId} := </math>'''Sign Session and Send'''(<math>toBeSigned</math>)
'''Broadcast'''(":3mpCAT:3SignedSessionParameters:3",<math>signature_{myId}</math>)
{{algorithm-end}}

{{algorithm-begin|name=ComputeSessionDigest}}
Input: <math>lastMessage</math>
'''for each''' <math>message</math> in Messages Received from <math>lastDigestedMessage</math>+1 till <math>lastMessage</math>, '''do'''
<math>sesionDigest := Hash(sessionDigest, message)</math>
'''LRU Cache Store Digest'''(<math>sessionDigest</math>, <math>message</math>)
'''return''' <math>sessionDigest</math>,<math>lastMessageId</math>
{{algorithm-end}}

{{algorithm-begin|name=NewKeyShareMessage}}
Input: <math>metaMessage</math>
# Based on metaMessage Determines what type of keyshare needs to be send (Ephemeral point or Group key share) and returen it.
{{algorithm-end}}

{{algorithm-begin|name=UpdateNewKeyStatus}}
Input: <math>keyShareMessage</math>
# Update the table of which participant has sent its new ephemeral point or its new group key share
{{algorithm-end}}

{{algorithm-begin|name=Hash}}
Input: <math>message</math>
'''return''' '''SHA-256'''(<math>message</math>)
{{algorithm-end}}

[[Category: mpOTR]]

Np1sec/Specification

2014-10-21T17:39:52Z

Arlolra:

== Procedures ==

=== Chat setup ===

====Chatroom setup====

{{algorithm-begin|name=Chatroom Init}}
Input: <math>newRoomName</math>,<math>participantNick</math>
'''global''' <math>myId := 1</math>
'''global''' <math>Nick_{myId} := participantNick</math>
'''global''' <math>roomName := newRoomName</math>
'''global''' <math>x_{myId}, y_{myId} :=</math> '''Generate Initial Paramters'''(<math>myId</math>)
'''global''' <math>signatureKey_{myId} := (x_{myId},y_{myId})</math>
<math>participantList := [Nick_{myId}]</math>
<math>ephemeralPublicPointList := [y_{myId}, y_{other}]</math>
{{algorithm-end}}

=== Joining ===

====Join====

{{algorithm-begin|name=Join}}
Input: <math>newRoomName</math>, <math>Nickname_{myId}</math>, <math>participantId</math>
'''global''' <math>myId := participantId</math>
'''global''' <math>roomName := newRoomName</math>
<math>x_{myId}, y_{myId} := </math>'''Generate Initial Paramters'''(<math>myId</math>)
'''global''' <math>signatureKey_{myId} := (x_{myId},y_{myId})</math>
'''Broadcast'''(":3mpCAT:3Join:3", <math>myId</math>, <math>Nickname_{myId}</math>, <math>y_{myId}</math>)
'''global''' <math>participantList, ephemeralPublicPointList :=</math> '''Receive'''()
'''global''' <math>sessionId := </math> '''Compute Session Id'''(<math>roomName</math>, <math>participantList</math>, <math>ephemeralPublicPointList</math>)
'''Sign and Send Key Confirmation and Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyConfirmationShare:3")
'''global''' <math>keyShareList, keyConfirmationList, signatureList :=</math> '''Receive'''()
'''Verify Key Confirmations and Signatures'''(<math>keyConfirmationList</math>, <math>signatureList</math>)
'''Update Session Key'''()
{{algorithm-end}}

{{algorithm-begin|name=Receive Session Digest}}
Input: <math>currentSessionHistoryDigest</math>
'''global''' <math>sessionDigest := currentSessionHistoryDigest</math>
{{algorithm-end}}

====Protocol for other participants already in the chat to accept the newcomer====


{{algorithm-begin|name=Accept}}
Input: <math>newParticipant</math>
'''Broadcast'''(":3mpCAT:3Join:3", <math>myId</math>, <math>Nickname_{myId}</math>, <math>y_{myId}</math>)
'''Wait On Receive'''(":3mpCAT:3Join:3")
'''global''' <math>nick_{NewParticipant}</math>, <math>ephemeralPublicPoint_{NewParticipant} := </math> '''Receive'''()
'''Update Lists'''(<math>nick_{NewParticipant}</math>, <math>ephemeralPublicPoint_{NewParticipant}</math>)
'''global''' <math>sessionId := </math> '''Compute Session Id'''(<math>roomName</math>, <math>participantList</math>, <math>ephemeralPublicPointList</math>)
'''Sign and Send Key Confirmation and Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyConfirmationShare:3")
'''global''' <math>keyShareList, keyConfirmationList, signatureList :=</math> '''Receive'''()
'''Verify Key Confirmations and Signatures'''(<math>keyConfirmationList</math>, <math>signatureList</math>)
'''Update Session Key'''()
'''Send'''(<math>sessionDigest</math>)
{{algorithm-end}}

=== Leave ===

====Farewell====

{{algorithm-begin|name=Shrink on Leave}}
Input: <math>leaverId</math>
'''remove''' <math>leaverId</math> from <math>participantIdList</math>
'''global''' <math>sessionId :=</math> '''Compute Session Id'''()
'''if''' <math>|participantList| > 1</math>''', then'''
'''Sign and Send Key Shares'''()
'''Wait On Receive'''(":3mpCAT:3KeyShare:3")
<math>keyShareList</math> := '''Receive'''()
'''Update Session Key'''(<math>keyShareList</math>)
{{algorithm-end}}

{{algorithm-begin|name=Sign and Send Key Shares}}
Input:
'''global''' <math>z_{myId -1, myId} := Hash(k_{myId,myId-1}, sessionId)</math>
'''global''' <math>z_{myId, myId+1} := Hash(k_{myId,myId+1}, sessionId)</math>
<math>keyShare_{myId} := z_{myId -1, myId} \oplus z_{myId, myId+1}</math>
<math>originAuthSignature :=</math> '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>z_{myId}</math>)
'''Broadcast'''(":3mpCAT:3KeyShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>) # we can send this encrypted but leaving person can read it, hence theoretically it is the same as sending it unencrypted.
{{algorithm-end}}

====Send====

{{algorithm-begin|name=Send}}
----

Input: <math>metaMessage</math>, <math>message</math>
<math>keyShareMessage</math> = '''NewKeyShareMessage'''(<math>metaMessage</math>)
<math>cryptMessage</math> := '''AES CTR Encrypt'''(<math>sessionKey</math>,<math>message | keyShareMessage</math>)
<math>originAuthSignature</math> := '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>cryptMetatMessage</math>)
<math>sessionDigest</math> := '''Compute Session Digest'''(<math>lastMessage</math>)
'''Broadcast'''(":3mpCAT:3", <math>sessionId</math>, <math>cryptMessage</math>, <math>sessionDigest</math>, <math>originAuthSignature</math>,":3")
{{algorithm-end}}

====Receive====

{{algorithm-begin|name=Receive}}
Input: <math>sender</math>, <math>encryptedMessage</math>, <math>originAuthSignature</math>, <math>sessionDigest</math>
<math>v := </math> '''ED25519VerifySignature'''(<math>ephemeralPublicKeyList[Sender]</math>, <math>sessionId || encryptedMessage</math>, <math>originAuthSignature</math>)
'''Assert'''(<math>v</math>) or '''return''' Reject
<math>message, keyShareMessage :=</math> '''AES CTR Decrypt'''(<math>sessionKey</math>, <math>encryptedMessage</math>){}
<math>isMetaMessage = </math>'''UpdateNewKeyStatus'''(<math>keyShareMessage</math>)
'''Verify Digests'''(<math>sessionDiges</math>)
'''return'''{<math>isMetaMessage, message</math>} # isMetaMessage is true if the message is purely meta message and there is nothing to display
{{algorithm-end}}

=== Common functions ===

====Common functions used by other procedures in different stages====

{{algorithm-begin|name=Generate Initial Paramters}}
Input: <math>myId</math>
<math>signaturePrivateKey := </math> '''RandomBits'''(256)
<math>x_{myId} :=</math> '''Ed25519 Scalar'''(<math>signaturePrivateKey</math>)) #{This is both Diffie-Hellman secret and ephemeral signature private key}
<math>y_{myId} := x_{myId}P</math>
'''return''' <math>x,y</math>
{{algorithm-end}}

{{algorithm-begin|name=Verify Key Confirmation and Signatures}}
Input: <math>signatureList</math>, <math>keyConfirmationList</math>
'''for each''' <math>participant \in participantList</math>, '''do'''
'''if''' <math>keyConfirmationList[participant][myId] \neq Hash(k_{myId,participant} , U_{myId} )</math>''', then'''
'''Halt'''()
'''else''' '''if''' '''ED25519VerifySignature'''(<math>ephemeralPublicKeyList[particicpant]</math>, <math>sessionId | keyShares[myId]</math>, <math>originAuthSignature</math>) = Fail ''', then'''
'''Halt'''()
{{algorithm-end}}

{{algorithm-begin|name=Compute Session Id}}
Input: <math>participantList</math>, <math>ephemeralPublicPointList</math>
'''return''' <math>Hash(roomName, zip(participantList, ephemeralPublicPointList))</math> # <math>zip([a,b],[c,d]):=[(a,c),(b,d)]</math>
{{algorithm-end}}

{{algorithm-begin|name=Verify Signatures}}
Input: <math>longPublicList</math>,<math>schnorrRandomPointList</math>,
# standard signature verification
{{algorithm-end}}

{{algorithm-begin|name=Sign and Send Key Confirmation and Share}}
Input: <math>schnorrRandomPointList</math>
'''for each''' <math>participant \in participantList</math>, '''do'''
<math>k_{myId, participant} := Hash(x_{myId}LP_{participant} |lp_{myId}y_{participant} | x_{myId}y_{participant})</math> # Triple DH
<math>kc_{myId} := kc_{myId} | Hash(k_{myId,participant}, U_{participant})</math>
'''global''' <math>z_{myId -1, myId} := Hash(k_{myId,myId-1}, sessionId)</math>
'''global''' <math>z_{myId, myId+1} := Hash(k_{myId,myId+1}, sessionId)</math>
<math>keyShare_{myId} := z_{myId -1, myId} \oplus z_{myId, myId+1}</math>
<math>originAuthSignature :=</math> '''ED25519Sign'''(<math>SignatureKey</math>, <math>sessionId</math> || <math>z_{myId}</math>)
'''Broadcast'''(":3mpCAT:3KeyConfirmationAndShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>, <math>kc_{myId}</math>)
{{algorithm-end}}

{{algorithm-begin|name=Update Session Key}}
Input: <math>keyShareList</math>
<math>i := myId</math>
'''for each''' <math>{j \in [i,...,i+n-1]}</math>, '''do'''
<math>z_{j,j+1} := z_{j-1,j} \oplus keyShareListe[j+1]</math>
# recovered <math>z_{i-1,i}</math> should be equal to its original value
'''global''' <math>sessionKey := Hash(z_{j,j+1} | j \in [1...n])</math>
{{algorithm-end}}

{{algorithm-begin|name=Sign Params Update Session Key}}
Input: <math>toBeSigned</math>, <math>signatureList</math>,<math>keyShareList</math>
'''Update Session Key'''()
<math>toBeSigned := Hash(sessionId, ||Hash(verifierList, ephemeralPublicPointList, keyShareList)))</math>
<math>signature_{myId} := </math>'''Sign Session and Send'''(<math>toBeSigned</math>)
'''Broadcast'''(":3mpCAT:3SignedSessionParameters:3",<math>signature_{myId}</math>)
{{algorithm-end}}

{{algorithm-begin|name=ComputeSessionDigest}}
Input: <math>lastMessage</math>
'''for each''' <math>message</math> in Messages Received from <math>lastDigestedMessage</math>+1 till <math>lastMessage</math>, '''do'''
<math>sesionDigest := Hash(sessionDigest, message)</math>
'''LRU Cache Store Digest'''(<math>sessionDigest</math>, <math>message</math>)
'''return''' <math>sessionDigest</math>,<math>lastMessageId</math>
{{algorithm-end}}

{{algorithm-begin|name=NewKeyShareMessage}}
Input: <math>metaMessage</math>
# Based on metaMessage Determines what type of keyshare needs to be send (Ephemeral point or Group key share) and returen it.
{{algorithm-end}}

{{algorithm-begin|name=UpdateNewKeyStatus}}
Input: <math>keyShareMessage</math>
# Update the table of which participant has sent its new ephemeral point or its new group key share
{{algorithm-end}}

{{algorithm-begin|name=Hash}}
Input: <math>message</math>
'''return''' '''SHA-512'''(<math>message</math>)
{{algorithm-end}}

[[Category: mpOTR]]