Difference between revisions of "Np1sec/algebraic"

(Receive)
m (Dmitri moved page MpOTR/algebraic to Np1sec/algebraic)
 
(2 intermediate revisions by one other user not shown)
Line 201: Line 201:
 
|align="right"| check signature
 
|align="right"| check signature
 
|align="center"|<math> verify(m,\sigma) </math>
 
|align="center"|<math> verify(m,\sigma) </math>
 +
|-
 +
|align="right"| update message block chain
 +
|align="center"|<math> Insert(BlackChain_{sid}, m) </math>
 
|-
 
|-
 
|align="right"| decrypt messagen
 
|align="right"| decrypt messagen
Line 217: Line 220:
 
|align="center"|<math>m</math>
 
|align="center"|<math>m</math>
 
|}
 
|}
 +
 +
[[Category: mpOTR]]

Latest revision as of 18:46, 2 December 2014

Chatroom Setup

Description Pseudo-code
Generate ephemeral DH private key of the room initiator x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Set participant list plist\leftarrow [U_{i}]

Join

Description Pseudo-code
Generate ephemeral DH private key x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Broadcast User identity and the DH key (U_{i},y_{i})
Receive other users' id/key plist_{i}|klist_{i}\leftarrow (U_{1}|y_{1}|\dots |U_{n}|y_{n})\cup (U_{i},y_{i})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P keys k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})}}
Generate key confirmations kc_{i}\leftarrow (H(k_{{i,1}},U_{1}),\dots ,H(k_{{i,n}},U_{n}))}}
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares and confirmation (U_{1}|z_{1},\sigma _{1},kc_{{1i}},\dots U_{n}|z_{n},\sigma _{n},kc_{{ni}})
Check validity of key confirmation kc_{i}[j]==H(k_{{j,i}},U_{j}){\textrm {for}}j\in \{1,\dots ,n\}
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Accept

Description Pseudo-code
broadcast all user's identities (U_{1}|y_{1}|\dots |U_{n}|y_{n})
Receive other users' id/key and update participant list (plist_{i}|klist_{i})\cup (U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P key for the new participant k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})
Generate key confirmations kc_{{i,j}}\leftarrow H(k_{{i,j}},U_{i})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares and new users confirmation (U_{1}|z_{1},\sigma _{1},\dots U_{n}|z_{n},\sigma _{n}),kc_{{i,j}}
Check validity of key confirmation kc_{{j,i}}==H(k_{{i,j}},U_{j})
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Leave

Description Pseudo-code
Remove leaving user's id/key and update participant list (plist_{i}|klist_{i})\backslash (U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares (U_{i},z_{i},\sigma _{i})
Receive other users' key shares (U_{1}|z_{1},\sigma _{1},\dots U_{n}|z_{n},\sigma _{n})
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Send

Description Pseudo-code
Generate new DH Key or new key share if needed and append m\leftarrow (sid,s,m)
Append the hash of the session digest up to parent of current message m\leftarrow (m,Digest(parent(m)),parent\_id)
Sign the message \sigma \leftarrow Sign_{{x_{i}}}(m)
Encrypt e\leftarrow Enc_{{k_{{sid}}}}(m)
Broadcast the message (sid_{i},e,\sigma )

Receive

Description Pseudo-code
check signature verify(m,\sigma )
update message block chain Insert(BlackChain_{{sid}},m)
decrypt messagen sid_{{rec}},s,m,h,parent\_id\leftarrow Dec_{k}(m)
Verify session id and hash sid_{i}==sid_{{rec}}\;{\textrm {and}}\;h==Digest(parent\_id)
Update sender key or share key y_{j}\leftarrow s\;{\textrm {or}}\;z_{{j}}\leftarrow s
if all users' share are received session key k_{i}\leftarrow ComputeSessionKey(z_{1},...,z_{n})
return m m
Retrieved from "https://learn.equalit.ie/mw/index.php?title=Np1sec/algebraic&oldid=1558"