MpOTR/algorithm dump - learn.equalit.ie

Chatroom setup

Procedure Chatroom Init
Input:  $newRoomName$ ,  $participantNick$ 
  Global  $myId:=1$ 
  Global  $Nick_{{myId}}:=participantNick$ 
  Global  $roomName:=newRoomName$ 
  Global  $x_{{myId}},y_{{myId}}:=$   Generate Initial Paramters( $myId$ )
  Global  $signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})$ 
   $participantList:=[Nick_{{myId}}]$ 
   $ephemeralPublicPointList:=[y_{{myId}},y_{{other}}]$

Procedure Verify Verifier Generate Init Key
Input:  $schnorrRandomPoint_{{other}}$ ,  $Hv_{{other}}$ ,  $v_{{other}}$ ,  $y_{{other}}$ ,  $Nick_{{other}}$ 
   Verify Verifiers()
  Global  $sessionKey:=Hash(x_{{myId}}y_{{other}},sessionId)$ 
   $toBeSigned:=Hash(Hash(sessionId||Hash(y_{1},v_{1})||Hash(y_{2},v_{2})))$ 
   Sign Session and Send( $toBeSigned$ )

Join

Procedure Join
Input:  $newRoomName$ ,  $Nickname_{{myId}}$ ,  $participantId$ 
  Global  $myId:=participantId$ 
  Global  $roomName:=newRoomName$ 
   $x_{{myId}},y_{{myId}}:=$  Generate Initial Paramters(Participant ID  $myId$ )
  Global  $signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})$ 
   Broadcast(":3mpCat:3Join:3",  $myId$ ,  $Nickname_{{myId}}$ ,  $y_{{myId}}$ )
  Global  $participantList,ephemeralPublicPointList:=$   Receive()
  Global  $sessionId:=$   Compute Session Id( $roomName$ ,  $participantList$ ,  $ephemeralPublicPointList$ )
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global  $keyShareList,keyConfirmationList,signatureList:=$   Receive()
   Verify Key Confirmations and Signatures( $keyConfirmationList$ ,  $signatureList$ )
   Update Session Key()

Procedure Receive Session Digest
Input:  $currentSessionHistoryDigest$ 
  Global  $sessionDigest:=currentSessionHistoryDigest$

Protocol for other participants already in the chat to accept the newcomer

Procedure Accept
Input: newParticipant
   Broadcast(":3mpCat:3Join:3",  $myId$ ,  $Nickname_{{myId}}$ ,  $y_{{myId}}$ )
   Wait On Receive(":3mpCat:3Join:3")
  Global  $nick_{{NewParticipant}}$ ,  $ephemeralPublicPoint_{{NewParticipant}}:=$   Receive()
   Update Lists( $nick_{{NewParticipant}}$ ,  $ephemeralPublicPoint_{{NewParticipant}}$ )
  Global  $sessionId:=$   Compute Session Id( $roomName$ ,  $participantList$ ,  $ephemeralPublicPointList$ )
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global  $keyShareList,keyConfirmationList,signatureList:=$   Receive()
   Verify Key Confirmations and Signatures( $keyConfirmationList$ ,  $signatureList$ )
   Update Session Key()
   Send( $sessionDigest$ )

Farewell

Procedure Shrink on Leave
Input:  $leaverId$ 
  Remove  $leaverId$  from  $participantIdList$ 
  Global  $sessionId:=$   Compute Session Id()
 If $|participantList|>1$ , then
   Sign and Send Key Shares()
   Wait On Receive(":3mpCat:3KeyShare:3")
   $keyShareList$  := Receive{}
   Update Session Key( $keyShareList$ )

Procedure Sign and Send Key Shares
Input: 
  Global  $z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)$ 
  Global  $z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)$ 
   $keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}$ 
   $originAuthSignature:=$   ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $z_{{myId}}$ )
   Broadcast(":3mpCat:3KeyShare:3",  $myId$ ,  $keyShare_{{myId}}$ ,  $originAuthSignature$ )

Send

Procedure Send
Input: Message}{MetaMessage, message
 $keyShareMessage$  =  NewKeyShareMessage(MetaMessage)
 $cryptMessage$  :=  AES CTR Encrypt( $sessionKey$ , $message|keyShareMessage$ )
 $originAuthSignature$  :=  ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $cryptMetatMessage$ )
 $sessionDigest$  :=  Compute Session Digest( $lastMessage$ )
 Broadcast(":3mpCat:3",  $sessionId$ ,  $cryptMessage$ ,  $sessionDigest$ ,  $originAuthSignature$ ,":3")

Recieve

Procedure Receive
Input:  $sender$ ,  $encryptedMessage$ ,  $originAuthSignature$ ,  $sessionDigest$  $v:=$   ED25519VerifySignature( $ephemeralPublicKeyList[Sender]$ ,  $sessionId||encryptedMessage$ ,  $originAuthSignature$ )
 Assert( $v$ )
 $message,keyShareMessage:=$   AES CTR Decrypt( $sessionKey$ ,  $encryptedMessage$ )
 $isMetaMessage=$  UpdateNewKeyStatus( $keyShareMessage$ )
 Verify Digests( $sessionDiges$ )
Return{ $isMetaMessage,message$ }

\subsection{Common functions}

Common functions used by other procedures in different stages

Procedure Generate Initial Paramters
Input:  $myId$ 
   $signaturePrivateKey:=$   RandomBits(256)
   $x_{{myId}}:=$   Ed25519 Scalar( $signaturePrivateKey$ ))
   $y_{{myId}}:=x_{{myId}}P$ 
 Return  $x,y$

Procedure Verify Key Confirmation and Signatures
Input:  $signatureList$ ,  $keyConfirmationList$ 
  For each  $participant\in participantList$ }, do
    \If{ $keyConfirmationList[participant][myId]\neq Hash(k_{{myId,participant}},U_{{myId}})$ }
       Halt()
     ' \If{ ED25519VerifySignature( $ephemeralPublicKeyList[particicpant]$ ,  $sessionId||keyShares[myId]$ ,  $originAuthSignature$ )'
       Halt()

Procedure Compute Session Id
Input:  $participantList$ ,  $ephemeralPublicPointList$ 
  Return  $Hash(roomeName,zip(participantList,ephemeralPublicPointList))$  #  $zip([a,b],[c,d]):=[(a,c),(b,d)]$

Procedure Verify Signatures
Input:  $longPublicList$ , $schnorrRandomPointList$ ,

Procedure Sign and Send Key Confirmation and Share
Input:  $schnorrRandomPointList$ For each  $participant\in participantList$ , do
     $k_{{myId,participant}}:=H(g^{{lp_{{myId}}}}LP_{{participant}}y_{{participant}}^{{x_{{myId}}}})$  # Triple DH
     $kc_{{myId}}:=kc_{{myId}}|H(k_{{myId,participant}},U_{{participant}})$

  Global  $z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)$ 
  Global  $z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)$ 
   $keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}$

     $originAuthSignature:=$   ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $z_{{myId}}$ )
   Broadcast(":3mpCat:3KeyConfirmationAndShare:3",  $myId$ ,  $keyShare_{{myId}}$ ,  $originAuthSignature$ ,  $kc_{{myId}}$ )

Procedure Update Session Key
Input:  $keyShareList$  $i:=myId$

For each ${j\in [i,...,i+n-1]}$ }, do

   $z_{{j,j+1}}:=z_{{j-1,j}}\oplus keyShareListe[j+1]$ 
# recovered  $z_{{i-1,i}}$  should be equal to its original value
Global  $sessionKey:=Hash(z_{{j,j+1}}|j\in [1...n])$

Procedure Sign Params Update Session Key
Input:  $toBeSigned$ ,  $signatureList$ ,  $keyShareList$  Update Session Key()
 $toBeSigned:=Hash(sessionId,||Hash(verifierList,ephemeralPublicPointList,keyShareList)))$  $signature_{{myId}}:=$  Sign Session and Send( $toBeSigned$ )
 Broadcast(":3mpCat:3SignedSessionParameters:3", $signature_{{myId}}$ )

Procedure ComputeSessionDigest
Input:  $lastMessage$

For each $message$ in Messages Received from $lastDigestedMessage$ +1 till $lastMessage$ }, do

 $sesionDigest:=$   Hash( $sessionDigest$ ,  $message$ )
 LRU Cache Store Digest( $sessionDigest$ ,  $message$ )
Return  $sessionDigest$ , $lastMessageId$

Last modified on 28 July 2014, at 18:56