Difference between revisions of "Np1sec/algebraic"

Latest revision as of 18:46, 2 December 2014

Chatroom Setup

Description	Pseudo-code
Generate ephemeral DH private key of the room initiator	$x_{i}\leftarrow [0,order(g)]$
Generate DH key for BD, Triple DH and Signature	$y_{i}\leftarrow g^{{x_{i}}}$
Set participant list	$plist\leftarrow [U_{i}]$

Join

Description	Pseudo-code
Generate ephemeral DH private key	$x_{i}\leftarrow [0,order(g)]$
Generate DH key for BD, Triple DH and Signature	$y_{i}\leftarrow g^{{x_{i}}}$
Broadcast User identity and the DH key	$(U_{i},y_{i})$
Receive other users' id/key	$plist_{i}\|klist_{i}\leftarrow (U_{1}\|y_{1}\|\dots \|U_{n}\|y_{n})\cup (U_{i},y_{i})$
Compute Session Id	$sid_{i}\leftarrow H(U_{1}\|y_{1}\|\dots \|U_{n}\|y_{n})$
Generate Triple Diffie-Hellman P2P keys	$k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})$ }}
Generate key confirmations	$kc_{i}\leftarrow (H(k_{{i,1}},U_{1}),\dots ,H(k_{{i,n}},U_{n}))$ }}
Generate secret shares	$z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})$
Generate public shares	$z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}$
Sign identity, shares	$\sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)$
Broadcast key shares and confirmation	$(U_{i},z_{i},\sigma _{i},kc_{i})$
Receive other users' key shares and confirmation	$(U_{1}\|z_{1},\sigma _{1},kc_{{1i}},\dots U_{n}\|z_{n},\sigma _{n},kc_{{ni}})$
Check validity of key confirmation	$kc_{i}[j]==H(k_{{j,i}},U_{j}){\textrm {for}}j\in \{1,\dots ,n\}$
Check public shares	$z_{1}\oplus \dots \oplus z_{n}==0$
Check signatures	$verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}$
Recover secret shares	$z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}$
Generate session key	$k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})$
Broadcast session key confirmation	$skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})$

Accept

Description	Pseudo-code
broadcast all user's identities	$(U_{1}\|y_{1}\|\dots \|U_{n}\|y_{n})$
Receive other users' id/key and update participant list	$(plist_{i}\|klist_{i})\cup (U_{j}\|y_{j})$
Compute Session Id	$sid_{i}\leftarrow H(U_{1}\|y_{1}\|\dots \|U_{n}\|y_{n})$
Generate Triple Diffie-Hellman P2P key for the new participant	$k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})$
Generate key confirmations	$kc_{{i,j}}\leftarrow H(k_{{i,j}},U_{i})$
Generate secret shares	$z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})$
Generate public shares	$z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}$
Sign identity, shares	$\sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)$
Broadcast key shares and confirmation	$(U_{i},z_{i},\sigma _{i},kc_{i})$
Receive other users' key shares and new users confirmation	$(U_{1}\|z_{1},\sigma _{1},\dots U_{n}\|z_{n},\sigma _{n}),kc_{{i,j}}$
Check validity of key confirmation	$kc_{{j,i}}==H(k_{{i,j}},U_{j})$
Check public shares	$z_{1}\oplus \dots \oplus z_{n}==0$
Check signatures	$verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}$
Recover secret shares	$z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}$
Generate session key	$k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})$
Broadcast session key confirmation	$skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})$

Leave

Description	Pseudo-code
Remove leaving user's id/key and update participant list	$(plist_{i}\|klist_{i})\backslash (U_{j}\|y_{j})$
Compute Session Id	$sid_{i}\leftarrow H(U_{1}\|y_{1}\|\dots \|U_{n}\|y_{n})$
Generate secret shares	$z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})$
Generate public shares	$z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}$
Sign identity, shares	$\sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)$
Broadcast key shares	$(U_{i},z_{i},\sigma _{i})$
Receive other users' key shares	$(U_{1}\|z_{1},\sigma _{1},\dots U_{n}\|z_{n},\sigma _{n})$
Check public shares	$z_{1}\oplus \dots \oplus z_{n}==0$
Check signatures	$verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}$
Recover secret shares	$z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}$
Generate session key	$k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})$
Broadcast session key confirmation	$skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})$

Send

Description	Pseudo-code
Generate new DH Key or new key share if needed and append	$m\leftarrow (sid,s,m)$
Append the hash of the session digest up to parent of current message	$m\leftarrow (m,Digest(parent(m)),parent\_id)$
Sign the message	$\sigma \leftarrow Sign_{{x_{i}}}(m)$
Encrypt	$e\leftarrow Enc_{{k_{{sid}}}}(m)$
Broadcast the message	$(sid_{i},e,\sigma )$

Receive

Description	Pseudo-code
check signature	$verify(m,\sigma )$
update message block chain	$Insert(BlackChain_{{sid}},m)$
decrypt messagen	$sid_{{rec}},s,m,h,parent\_id\leftarrow Dec_{k}(m)$
Verify session id and hash	$sid_{i}==sid_{{rec}}\;{\textrm {and}}\;h==Digest(parent\_id)$
Update sender key or share key	$y_{j}\leftarrow s\;{\textrm {or}}\;z_{{j}}\leftarrow s$
if all users' share are received session key	$k_{i}\leftarrow ComputeSessionKey(z_{1},...,z_{n})$
return m	$m$

Last modified 11 years ago

@@ Line 201: / Line 201: @@
 |align="right"| check signature
 |align="center"|<math> verify(m,\sigma) </math>
+|-
+|align="right"| update message block chain
+|align="center"|<math> Insert(BlackChain_{sid}, m) </math>
 |-
 |align="right"| decrypt messagen
@@ Line 217: / Line 220: @@
 |align="center"|<math>m</math>
 |}
+[[Category: mpOTR]]

Difference between revisions of "Np1sec/algebraic"

Latest revision as of 18:46, 2 December 2014

Chatroom Setup

Join

Accept

Leave

Send

Receive

learn.equalit.ie