Np1sec/Specification
Procedures
Chat setup
Chatroom setup
Procedure Chatroom Init
Input: ,
global
global
global
global Generate Initial Parameters()
global
Joining
Join
Procedure Join
Input: , ,
global
global Generate Initial Parameters()
global
Broadcast(":3mpCAT:3Join:3", , , )
global Receive()
global Compute Session Id(, , )
Sign and Send Key Confirmation and Shares()
Wait On Receive(":3mpCAT:3KeyConfirmationShare:3")
global Receive()
Verify Key Confirmations and Signatures(, )
Update Session Key()
Procedure Receive Session Digest
Input:
global
Protocol for other participants already in the chat to accept the newcomer
Procedure Accept
Input:
Broadcast(":3mpCAT:3Join:3", , , )
Wait On Receive(":3mpCAT:3Join:3")
global , Receive()
Update Lists(, )
global Compute Session Id(, , )
Sign and Send Key Confirmation and Shares()
Wait On Receive(":3mpCAT:3KeyConfirmationShare:3")
global Receive()
Verify Key Confirmations and Signatures(, )
Update Session Key()
Send()
Sending and receiving messages while joining is in progress
Leave
Leaving a chatroom involves only one procedure for those who are staying in the chatroom (Procedure Farewell), which is described in Algorithm 4. The remaining participants only need a notice from the server that the user is leaving in order to re-run the one-round key update algorithm. Failure to receive a heartbeat from a user also results in executing Algorithm 4, excluding the users who did not update their key.
Farewell
Procedure Shrink on Leave
Input:
remove from
global Compute Session Id()
if , then
Sign and Send Key Shares()
Wait On Receive(":3mpCAT:3KeyShare:3")
:= Receive()
Update Session Key()
Procedure Sign and Send Key Shares
Input:
global
global ED25519Sign(, || )
Broadcast(":3mpCAT:3KeyShare:3", , , )
# We could send this encrypted, but the leaving person can read it; hence theoretically it is the same as sending it unencrypted.
Secure Send and Receive
After the session key is established, participants will use Algorithms 5 and 6 to communicate securely.
On Send, the protocol checks the status of the new ephemeral Diffie-Hellman and key share using the messages it receives from participants. It (re)sends any missing pieces. It also informs other participants which part of the key share is received by that user. The metadata flag indicates whether the message being sent contains only metadata (e.g. a heartbeat) or actual user communication.
On Receive, the protocol updates who has which pieces of the key shares. The protocol also generates a new group key if the new key shares have been received from all participants, or if those who have not updated their key shares time out on their heartbeat interval.
Send
Procedure Send
Input: ,
= NewKeyShareMessage()
:= AES CTR Encrypt(,)
:= ED25519Sign(, || )
:= Compute Session Digest()
Broadcast(":3mpCAT:3", , , , ,":3")
Receive
Procedure Receive
Input: , , ,
ED25519VerifySignature(, , )
Assert() or return Reject
AES CTR Decrypt(, )
UpdateNewKeyStatus()
Verify Digests()
return
# isMetaMessage is true if the message is purely a meta message and there is nothing to display
Common functions
Common functions used by other procedures in different stages
Procedure Generate Initial Parameters
Input:
RandomBits(256)
Ed25519 Scalar()) # This is both Diffie-Hellman secret and ephemeral signature private key
return
Procedure Verify Key Confirmation and Signatures
Input: ,
for each , do
if , then
Halt()
else if ED25519VerifySignature(, , ) = Fail , then
Halt()
Procedure Compute Session Id
Input: ,
return #
Procedure Verify Signatures
Input: ,,
# standard signature verification
Procedure Sign and Send Key Confirmation and Share
Input:
for each , do
# Triple DH
global
global ED25519Sign(, || )
Broadcast(":3mpCAT:3KeyConfirmationAndShare:3", , , , )
Procedure Update Session Key
Input:
for each , do
# recovered should be equal to its original value
global
Procedure Sign Params Update Session Key
Input: , ,
Update Session Key()
Sign Session and Send()
Broadcast(":3mpCAT:3SignedSessionParameters:3",)
Procedure ComputeSessionDigest
Input:
for each in Messages Received from +1 till , do
LRU Cache Store Digest(, )
return ,
Procedure NewKeyShareMessage
Input:
# Based on metaMessage, determines what type of key share needs to be sent (ephemeral point or group key share) and returns it.
Procedure UpdateNewKeyStatus
Input:
# Update the table of which participant has sent its new ephemeral point or its new group key share
Procedure Hash
Input:
return SHA-512()
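The ComputeSessionDigest, LRU Cache Store Digest, Verify Digests and Hash procedures, sketched as an added Python example (not taken from the specification or from the np1sec code base). The page fixes only SHA-512 and the use of an LRU cache; the chaining rule digest_k = SHA-512(digest_{k-1} || message_k), the seed, the cache size and all class and method names are assumptions.

```python
import hashlib
import hmac
from collections import OrderedDict


def sha512(data: bytes) -> bytes:
    """Procedure Hash from the page: SHA-512 of the input."""
    return hashlib.sha512(data).digest()


class SessionDigest:
    """Running transcript digest plus an LRU cache of past digests (hypothetical class)."""

    def __init__(self, session_id: bytes, cache_size: int = 64):
        self.last_id = 0                   # id of the last message folded in
        self.digest = sha512(session_id)   # assumed seed: hash of the session id
        self.cache = OrderedDict()         # message id -> digest after that message
        self.cache_size = cache_size       # assumed bound; the page gives none

    def _store(self, msg_id: int, digest: bytes) -> None:
        self.cache[msg_id] = digest
        self.cache.move_to_end(msg_id)
        while len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)  # evict the least recently used entry

    def compute(self, received: dict, upto: int):
        """Fold messages last_id+1 .. upto into the digest, strictly in id order."""
        for msg_id in range(self.last_id + 1, upto + 1):
            if msg_id not in received:
                # A gap means the transcript is incomplete; do not skip over it.
                raise KeyError(f"message {msg_id} missing; digest cannot advance")
            # The previous digest is a fixed 64 bytes, so the concatenation is unambiguous.
            self.digest = sha512(self.digest + received[msg_id])
            self._store(msg_id, self.digest)
            self.last_id = msg_id
        return self.last_id, self.digest

    def verify(self, msg_id: int, peer_digest: bytes):
        """True or False when comparable; None if msg_id is unseen or already evicted."""
        ours = self.cache.get(msg_id)
        if ours is None:
            return None
        self.cache.move_to_end(msg_id)      # mark as recently used
        return hmac.compare_digest(ours, peer_digest)
```

A `False` from `verify` means the two participants saw different transcripts up to that message id, while `None` means no comparison is possible and should not be treated as agreement.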