learn.equalit.ie

Procedure Chatroom Init
Input:  $newRoomName$ ,  $participantNick$ 
  Global  $myId:=1$ 
  Global  $Nick_{{myId}}:=participantNick$ 
  Global  $roomName:=newRoomName$ 
  Global  $x_{{myId}},y_{{myId}}:=$   Generate Initial Paramters( $myId$ )
  Global  $signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})$ 
   $participantList:=[Nick_{{myId}}]$ 
   $ephemeralPublicPointList:=[y_{{myId}},y_{{other}}]$

Procedure Verify Verifier Generate Init Key
Input:  $schnorrRandomPoint_{{other}}$ ,  $Hv_{{other}}$ ,  $v_{{other}}$ ,  $y_{{other}}$ ,  $Nick_{{other}}$ 
   Verify Verifiers()
  Global  $sessionKey:=Hash(x_{{myId}}y_{{other}},sessionId)$ 
   $toBeSigned:=Hash(Hash(sessionId||Hash(y_{1},v_{1})||Hash(y_{2},v_{2})))$ 
   Sign Session and Send( $toBeSigned$ )

Join

Procedure Join
Input:  $newRoomName$ ,  $Nickname_{{myId}}$ ,  $participantId$ 
  Global  $myId:=participantId$ 
  Global  $roomName:=newRoomName$ 
   $x_{{myId}},y_{{myId}}:=$  Generate Initial Paramters(Participant ID  $myId$ )
  Global  $signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})$ 
   Broadcast(":3mpCat:3Join:3",  $myId$ ,  $Nickname_{{myId}}$ ,  $y_{{myId}}$ )
  Global  $participantList,ephemeralPublicPointList:=$   Receive()
  Global  $sessionId:=$   Compute Session Id( $roomName$ ,  $participantList$ ,  $ephemeralPublicPointList$ )
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global  $keyShareList,keyConfirmationList,signatureList:=$   Receive()
   Verify Key Confirmations and Signatures( $keyConfirmationList$ ,  $signatureList$ )
   Update Session Key()

Procedure Receive Session Digest
Input:  $currentSessionHistoryDigest$ 
  Global  $sessionDigest:=currentSessionHistoryDigest$

Protocol for other participants already in the chat to accept the newcomer

Procedure Accept
Input: newParticipant
   Broadcast(":3mpCat:3Join:3",  $myId$ ,  $Nickname_{{myId}}$ ,  $y_{{myId}}$ )
   Wait On Receive(":3mpCat:3Join:3")
  Global  $nick_{{NewParticipant}}$ ,  $ephemeralPublicPoint_{{NewParticipant}}:=$   Receive()
   Update Lists( $nick_{{NewParticipant}}$ ,  $ephemeralPublicPoint_{{NewParticipant}}$ )
  Global  $sessionId:=$   Compute Session Id( $roomName$ ,  $participantList$ ,  $ephemeralPublicPointList$ )
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global  $keyShareList,keyConfirmationList,signatureList:=$   Receive()
   Verify Key Confirmations and Signatures( $keyConfirmationList$ ,  $signatureList$ )
   Update Session Key()
   Send( $sessionDigest$ )

Farewell

Procedure Shrink on Leave
Input:  $leaverId$ 
  Remove  $leaverId$  from  $participantIdList$ 
  Global  $sessionId:=$   Compute Session Id()
 If $|participantList|>1$ , then
   Sign and Send Key Shares()
   Wait On Receive(":3mpCat:3KeyShare:3")
   $keyShareList$  := Receive{}
   Update Session Key( $keyShareList$ )

Procedure Sign and Send Key Shares
Input: 
  Global  $z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)$ 
  Global  $z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)$ 
   $keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}$ 
   $originAuthSignature:=$   ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $z_{{myId}}$ )
   Broadcast(":3mpCat:3KeyShare:3",  $myId$ ,  $keyShare_{{myId}}$ ,  $originAuthSignature$ )

Send

Procedure Send
Input: Message}{MetaMessage, message
 $keyShareMessage$  =  NewKeyShareMessage(MetaMessage)
 $cryptMessage$  :=  AES CTR Encrypt( $sessionKey$ , $message|keyShareMessage$ )
 $originAuthSignature$  :=  ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $cryptMetatMessage$ )
 $sessionDigest$  :=  Compute Session Digest( $lastMessage$ )
 Broadcast(":3mpCat:3",  $sessionId$ ,  $cryptMessage$ ,  $sessionDigest$ ,  $originAuthSignature$ ,":3")

Recieve

Procedure Receive
Input:  $sender$ ,  $encryptedMessage$ ,  $originAuthSignature$ ,  $sessionDigest$ 
 $v:=$   ED25519VerifySignature( $ephemeralPublicKeyList[Sender]$ ,  $sessionId||encryptedMessage$ ,  $originAuthSignature$ )
 Assert( $v$ )
 $message,keyShareMessage:=$   AES CTR Decrypt( $sessionKey$ ,  $encryptedMessage$ )
 $isMetaMessage=$  UpdateNewKeyStatus( $keyShareMessage$ )
 Verify Digests( $sessionDiges$ )
Return{ $isMetaMessage,message$ }

\subsection{Common functions}

Common functions used by other procedures in different stages

Procedure Generate Initial Paramters
Input:  $myId$ 
   $signaturePrivateKey:=$   RandomBits(256)
   $x_{{myId}}:=$   Ed25519 Scalar( $signaturePrivateKey$ ))
   $y_{{myId}}:=x_{{myId}}P$ 
 Return  $x,y$

Procedure Verify Key Confirmation and Signatures
Input:  $signatureList$ ,  $keyConfirmationList$ 
  For each  $participant\in participantList$ }, do
    \If{ $keyConfirmationList[participant][myId]\neq Hash(k_{{myId,participant}},U_{{myId}})$ }
       Halt()
     ' \If{ ED25519VerifySignature( $ephemeralPublicKeyList[particicpant]$ ,  $sessionId||keyShares[myId]$ ,  $originAuthSignature$ )'
       Halt()

Procedure Compute Session Id
Input:  $participantList$ ,  $ephemeralPublicPointList$ 
  Return  $Hash(roomeName,zip(participantList,ephemeralPublicPointList))$  #  $zip([a,b],[c,d]):=[(a,c),(b,d)]$

Procedure Verify Signatures
Input:  $longPublicList$ , $schnorrRandomPointList$ ,

Procedure Sign and Send Key Confirmation and Share
Input:  $schnorrRandomPointList$ 
For each  $participant\in participantList$ , do
     $k_{{myId,participant}}:=H(g^{{lp_{{myId}}}}LP_{{participant}}y_{{participant}}^{{x_{{myId}}}})$  # Triple DH
     $kc_{{myId}}:=kc_{{myId}}|H(k_{{myId,participant}},U_{{participant}})$

  Global  $z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)$ 
  Global  $z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)$ 
   $keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}$

     $originAuthSignature:=$   ED25519Sign( $SignatureKey$ ,  $sessionId$  ||  $z_{{myId}}$ )
   Broadcast(":3mpCat:3KeyConfirmationAndShare:3",  $myId$ ,  $keyShare_{{myId}}$ ,  $originAuthSignature$ ,  $kc_{{myId}}$ )

Procedure Update Session Key
Input:  $keyShareList$ 
 $i:=myId$

For each ${j\in [i,...,i+n-1]}$ }, do

   $z_{{j,j+1}}:=z_{{j-1,j}}\oplus keyShareListe[j+1]$ 
# recovered  $z_{{i-1,i}}$  should be equal to its original value
Global  $sessionKey:=Hash(z_{{j,j+1}}|j\in [1...n])$

Procedure Sign Params Update Session Key
Input:  $toBeSigned$ ,  $signatureList$ ,  $keyShareList$ 
 Update Session Key()
 $toBeSigned:=Hash(sessionId,||Hash(verifierList,ephemeralPublicPointList,keyShareList)))$ 
 $signature_{{myId}}:=$  Sign Session and Send( $toBeSigned$ )
 Broadcast(":3mpCat:3SignedSessionParameters:3", $signature_{{myId}}$ )

Procedure ComputeSessionDigest
Input:  $lastMessage$

For each $message$ in Messages Received from $lastDigestedMessage$ +1 till $lastMessage$ }, do

 $sesionDigest:=$   Hash( $sessionDigest$ ,  $message$ )
 LRU Cache Store Digest( $sessionDigest$ ,  $message$ )
Return  $sessionDigest$ , $lastMessageId$

learn.equalit.ie

MpOTR/algorithm dump

Contents

Chatroom setup

Join

Protocol for other participants already in the chat to accept the newcomer

Farewell

Send

Recieve

Common functions used by other procedures in different stages

Search

Personal tools

Tools