Difference between revisions of "Np1sec/algebraic"
(Accept)
Line 82: Line 82:
 
!align="center"|Pseudo-code
 
!align="center"|Pseudo-code
 
|-
 
|-
|align="right"| broadcast all user's identities (U_1|y_1|\dots|U_n|y_n)
+
|align="right"| broadcast all user's identities  
|align="center"|<math> x_i \leftarrow [0, order(g)]</math>
+
|align="center"|<math> (U_1|y_1|\dots|U_n|y_n) </math>
 
|-
 
|-
 
|align="right"| Receive other users' id/key and update participant list
 
|align="right"| Receive other users' id/key and update participant list
|align="center"|<math>plist_i|klist_i \textrm{append} (U_j|y_j)</math>
+
|align="center"|<math>(plist_i|klist_i) \cup (U_j|y_j)</math>
|-
+
|align="right"|Broadcast User identity and the DH key
+
|align="center"|<math>(U_i, y_i)</math>
+
|-
+
|align="right"| Receive other users' id/key
+
|align="center"|<math>plist_i|klist_i \leftarrow (U_j|y_j|\dots|U_j|y_j)</math>
+
 
|-
 
|-
 
|align="right"|Compute Session Id
 
|align="right"|Compute Session Id
Line 98: Line 92:
 
|-
 
|-
 
|align="right"|Generate Triple Diffie-Hellman P2P key for the new participant
 
|align="right"|Generate Triple Diffie-Hellman P2P key for the new participant
|align="center"|<math>k_{i,j} \leftarrow H({y_j}^{lp_i},LP_j^{x_i},y_j^{x_i})</math>}}
+
|align="center"|<math>k_{i,j} \leftarrow H({y_j}^{lp_i},LP_j^{x_i},y_j^{x_i})</math>
 
|-
 
|-
 
|align="right"|Generate key confirmations
 
|align="right"|Generate key confirmations
|align="center"|<math>kc_i \leftarrow (H(k_{i,j}, U_j)</math>
+
|align="center"|<math>kc_{i,j}\leftarrow H(k_{i,j}, U_i) </math>
 
|-
 
|-
 
|align="right"|Generate secret shares
 
|align="right"|Generate secret shares
Line 116: Line 110:
 
|-
 
|-
 
|align="right"| Receive other users' key shares and new users confirmation
 
|align="right"| Receive other users' key shares and new users confirmation
|align="center"|<math>(U_1|z_1,\sigma_1,\dots U_n|z_n,\sigma_n), kc_{ij}</math>
+
|align="center"|<math>(U_1|z_1,\sigma_1,\dots U_n|z_n,\sigma_n), kc_{i,j}</math>
 
|-
 
|-
 
|align="right"|Check validity of key confirmation
 
|align="right"|Check validity of key confirmation
|align="center"|<math>kc_i[j] == kc_j[i]</math>
+
|align="center"|<math>kc_{j,i} == H(k_{i,j},U_j)</math>
 
|-
 
|-
 
|align="right"|Check public shares
 
|align="right"|Check public shares

Revision as of 06:29, 11 September 2014

Chatroom Setup

Description Pseudo-code
Generate ephemeral DH private key of the room initiator x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Set participant list plist\leftarrow [U_{i}]

Join

Description Pseudo-code
Generate ephemeral DH private key x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Broadcast User identity and the DH key (U_{i},y_{i})
Receive other users' id/key plist_{i}|klist_{i}\leftarrow (U_{1}|y_{1}|\dots |U_{n}|y_{n})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P keys k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})}}
Generate key confirmations kc_{i}\leftarrow (H(k_{{i,1}},U_{1}),\dots ,H(k_{{i,n}},U_{n}))}}
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i}kc_{i})
Receive other users' key shares and confirmation (U_{1}|z_{1},\sigma _{1},kc_{{1i}},\dots U_{n}|z_{n},\sigma _{n},kc_{{ni}})
Check validity of key confirmation kc_{i}[j]==kc_{j}[i]{\textrm {for}}j\in \{1,\dots ,n\}
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation k_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Accept

Description Pseudo-code
broadcast all user's identities (U_{1}|y_{1}|\dots |U_{n}|y_{n})
Receive other users' id/key and update participant list (plist_{i}|klist_{i})\cup (U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P key for the new participant k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})
Generate key confirmations kc_{{i,j}}\leftarrow H(k_{{i,j}},U_{i})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares and new users confirmation (U_{1}|z_{1},\sigma _{1},\dots U_{n}|z_{n},\sigma _{n}),kc_{{i,j}}
Check validity of key confirmation kc_{{j,i}}==H(k_{{i,j}},U_{j})
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation k_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Leave

Description Pseudo-code
Remove leaving user's id/key and update participant list plist_{i}|klist_{i}{\textrm {remove}}(U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate key confirmations kc_{i}\leftarrow (H(k_{{i,j}},U_{j})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares (U_{i},z_{i},\sigma _{i},>kc_{i}}})
Receive other users' key shares Failed to parse (lexing error): (U_1|z_1,\sigma_1,\dots U_n|z_n,\sigma_n) |- |align="right"|Check validity of key confirmation |align="center"|<math>kc_i[j] == kc_j[i]
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j}){\textrm {for}}j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})


Send

Description Pseudo-code
Generate new DH Key or new key share if needed and append m\leftarrow (sid,s,m)
Append the hash of the session digest up to parent of current message m\leftarrow (m,Digest(parnet(m)),parent\_id)
Sign the message \sigma \leftarrow Sign_{{x_{i}}}(m)
Encrypt Failed to parse (PNG conversion failed; check for correct installation of latex and dvipng (or dvips + gs + convert)): e\leftarrow Enc_{k}_{{sid}}(m)
Broadcast the message (sid_{i},e,\sigma )

Receive

Description Pseudo-code
check signature verify(m)==(m,\sigma )
decrypt messagen sid_{{rec}},s,m,h,parent\_id\leftarrow Dec_{k}(m)
Verify session id and hash Failed to parse (syntax error): \sigma \leftarrow sid_i == sid_{rec} & h == Digest(parent\_id)
Update key share or session key (y_{j},z_{{ji}})
return m m
Retrieved from "https://learn.equalit.ie/mw/index.php?title=Np1sec/algebraic&oldid=810"