Difference between revisions of "MpOTR/algorithm dump"

(Common functions used by other procedures in different stages)
(Common functions used by other procedures in different stages)
 
(One intermediate revision by the same user not shown)
Line 126: Line 126:
 
     '''if''' <math>keyConfirmationList[participant][myId] \neq Hash(k_{myId,participant} , U_{myId} )</math>''', then'''
 
     '''if''' <math>keyConfirmationList[participant][myId] \neq Hash(k_{myId,participant} , U_{myId} )</math>''', then'''
 
       <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Halt</span>'''()
 
       <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Halt</span>'''()
     ' '''if''' <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''ED25519VerifySignature</span>'''(''', then'''{<math>ephemeralPublicKeyList[particicpant]</math>, <math>sessionId ||keyShares[myId]</math>, <math>originAuthSignature</math>} = Fail}
+
     '''else''' '''if''' <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''ED25519VerifySignature</span>'''(<math>ephemeralPublicKeyList[particicpant]</math>, <math>sessionId | keyShares[myId]</math>, <math>originAuthSignature</math>) = Fail ''', then'''
'
+
 
       <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Halt</span>'''()
 
       <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Halt</span>'''()
 
{{algorithm-end}}
 
{{algorithm-end}}
 +
  
 
{{algorithm-begin|name=Compute Session Id}}
 
{{algorithm-begin|name=Compute Session Id}}
Line 141: Line 141:
 
  # standard signature verification
 
  # standard signature verification
 
{{algorithm-end}}
 
{{algorithm-end}}
 +
  
 
{{algorithm-begin|name=Sign and Send Key Confirmation and Share}}
 
{{algorithm-begin|name=Sign and Send Key Confirmation and Share}}
 
  Input: <math>schnorrRandomPointList</math>
 
  Input: <math>schnorrRandomPointList</math>
'''for each''' <math>participant \in participantList</math>, '''do'''
+
  '''for each''' <math>participant \in participantList</math>, '''do'''
 
     <math>k_{myId, participant} := Hash(x_{myId}LP_{participant} |lp_{myId}y_{participant} | x_{myId}y_{participant})</math>  # Triple DH
 
     <math>k_{myId, participant} := Hash(x_{myId}LP_{participant} |lp_{myId}y_{participant} | x_{myId}y_{participant})</math>  # Triple DH
 
     <math>kc_{myId} := kc_{myId} | Hash(k_{myId,participant}, U_{participant})</math>
 
     <math>kc_{myId} := kc_{myId} | Hash(k_{myId,participant}, U_{participant})</math>
Line 153: Line 154:
 
   <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Broadcast</span>'''(":3mpCat:3KeyConfirmationAndShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>, <math>kc_{myId}</math>)
 
   <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Broadcast</span>'''(":3mpCat:3KeyConfirmationAndShare:3", <math>myId</math>, <math>keyShare_{myId}</math>, <math>originAuthSignature</math>, <math>kc_{myId}</math>)
 
{{algorithm-end}}
 
{{algorithm-end}}
 +
  
 
{{algorithm-begin|name=Update Session Key}}
 
{{algorithm-begin|name=Update Session Key}}
 
  Input: <math>keyShareList</math>
 
  Input: <math>keyShareList</math>
<math>i := myId</math>
+
  <math>i := myId</math>
'''for each''' <math>{j \in [i,...,i+n-1]}</math>, '''do'''
+
  '''for each''' <math>{j \in [i,...,i+n-1]}</math>, '''do'''
  <math>z_{j,j+1} := z_{j-1,j} \oplus keyShareListe[j+1]</math>
+
      <math>z_{j,j+1} := z_{j-1,j} \oplus keyShareListe[j+1]</math>
  # recovered <math>z_{i-1,i}</math> should be equal to its original value
+
    # recovered <math>z_{i-1,i}</math> should be equal to its original value
'''global''' <math>sessionKey := Hash(z_{j,j+1} | j \in [1...n])</math>
+
    '''global''' <math>sessionKey := Hash(z_{j,j+1} | j \in [1...n])</math>
 
{{algorithm-end}}
 
{{algorithm-end}}
  
  
 
{{algorithm-begin|name=Sign Params Update Session Key}}
 
{{algorithm-begin|name=Sign Params Update Session Key}}
  Input: <math>toBeSigned</math>, <math>signatureList</math>, <math>keyShareList</math>
+
  Input: <math>toBeSigned</math>, <math>signatureList</math>,<math>keyShareList</math>
<span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Update Session Key</span>'''()
+
  <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Update Session Key</span>'''()
<math>toBeSigned := Hash(sessionId, ||Hash(verifierList, ephemeralPublicPointList, keyShareList)))</math>
+
  <math>toBeSigned := Hash(sessionId, ||Hash(verifierList, ephemeralPublicPointList, keyShareList)))</math>
<math>signature_{myId} := </math><span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Sign Session and Send</span>'''(<math>toBeSigned</math>)
+
  <math>signature_{myId} := </math><span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Sign Session and Send</span>'''(<math>toBeSigned</math>)
<span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Broadcast</span>'''(":3mpCat:3SignedSessionParameters:3",<math>signature_{myId}</math>)
+
  <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''Broadcast</span>'''(":3mpCat:3SignedSessionParameters:3",<math>signature_{myId}</math>)
 
{{algorithm-end}}
 
{{algorithm-end}}
  
Line 175: Line 177:
 
{{algorithm-begin|name=ComputeSessionDigest}}
 
{{algorithm-begin|name=ComputeSessionDigest}}
 
  Input: <math>lastMessage</math>
 
  Input: <math>lastMessage</math>
'''for each''' <math>message</math> in Messages Received from <math>lastDigestedMessage</math>+1 till <math>lastMessage</math>, '''do'''
+
  '''for each''' <math>message</math> in Messages Received from <math>lastDigestedMessage</math>+1 till <math>lastMessage</math>, '''do'''
  <math>sesionDigest := Hass(sessionDigest, message)</math>  
+
      <math>sesionDigest := Hass(sessionDigest, message)</math>  
  <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''LRU Cache Store Digest</span>'''(<math>sessionDigest</math>, <math>message</math>)
+
      <span style="font-family: serif; font-size: larger; font-variant:small-caps;">'''LRU Cache Store Digest</span>'''(<math>sessionDigest</math>, <math>message</math>)
'''return''' <math>sessionDigest</math>,<math>lastMessageId</math>
+
  '''return''' <math>sessionDigest</math>,<math>lastMessageId</math>
 
{{algorithm-end}}
 
{{algorithm-end}}
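Review bot: In the first hunk (Line 126), the rewritten `else if` check in Verify Key Confirmation and Signatures still passes `keyShares[myId]` and a single `originAuthSignature` inside the loop over `participant`, so as written each iteration checks the same message and signature against a different public key. Presumably that participant's own share and signature are meant, e.g. `ED25519VerifySignature(ephemeralPublicKeyList[participant], sessionId || keyShares[participant], signatureList[participant])`; in the latest revision the procedure takes `signatureList` as input but never reads it. The new line also keeps the `particicpant` misspelling and writes the concatenation as `|`, while the signing procedures write `||`. The procedure's header lies above the hunk.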
  

Latest revision as of 20:40, 28 July 2014

Chatroom setup

Procedure Chatroom Init
Input: newRoomName, participantNick
  global myId:=1
  global Nick_{{myId}}:=participantNick
  global roomName:=newRoomName
  global x_{{myId}},y_{{myId}}:= Generate Initial Paramters(myId)
  global signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})
  participantList:=[Nick_{{myId}}]
  ephemeralPublicPointList:=[y_{{myId}},y_{{other}}]


Procedure Verify Verifier Generate Init Key
Input: schnorrRandomPoint_{{other}}, Hv_{{other}}, v_{{other}}, y_{{other}}, Nick_{{other}}
  Verify Verifiers()
  global sessionKey:=Hash(x_{{myId}}y_{{other}},sessionId)
  toBeSigned:=Hash(Hash(sessionId||Hash(y_{1},v_{1})||Hash(y_{2},v_{2})))
  Sign Session and Send(toBeSigned)

Join

Procedure Join
Input: newRoomName, Nickname_{{myId}}, participantId
  global myId:=participantId
  global roomName:=newRoomName
  x_{{myId}},y_{{myId}}:=Generate Initial Paramters(myId)
  global signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})
  Broadcast(":3mpCat:3Join:3", myId, Nickname_{{myId}}, y_{{myId}})
  global participantList,ephemeralPublicPointList:= Receive()
  global sessionId:= Compute Session Id(roomName, participantList, ephemeralPublicPointList)
  Sign and Send Key Confirmation and Shares()
  Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  global keyShareList,keyConfirmationList,signatureList:= Receive()
  Verify Key Confirmations and Signatures(keyConfirmationList, signatureList)
  Update Session Key()


Procedure Receive Session Digest
Input: currentSessionHistoryDigest
  global sessionDigest:=currentSessionHistoryDigest

Protocol for other participants already in the chat to accept the newcomer

Procedure Accept
Input: newParticipant
  Broadcast(":3mpCat:3Join:3", myId, Nickname_{{myId}}, y_{{myId}})
  Wait On Receive(":3mpCat:3Join:3")
  global nick_{{NewParticipant}}, ephemeralPublicPoint_{{NewParticipant}}:= Receive()
  Update Lists(nick_{{NewParticipant}}, ephemeralPublicPoint_{{NewParticipant}})
  global sessionId:= Compute Session Id(roomName, participantList, ephemeralPublicPointList)
  Sign and Send Key Confirmation and Shares()
  Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  global keyShareList,keyConfirmationList,signatureList:= Receive()
  Verify Key Confirmations and Signatures(keyConfirmationList, signatureList)
  Update Session Key()
  Send(sessionDigest)


Farewell

Procedure Shrink on Leave
Input: leaverId
  remove leaverId from participantIdList
  global sessionId:= Compute Session Id()
  if |participantList|>1, then
    Sign and Send Key Shares()
    Wait On Receive(":3mpCat:3KeyShare:3")
    keyShareList := Receive()
    Update Session Key(keyShareList)


Procedure Sign and Send Key Shares
Input: 
  global z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)
  global z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)
  keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}
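  originAuthSignature:= ED25519Sign(SignatureKey, sessionId || z_{{myId}})  # z_{{myId}} is not defined above; presumably keyShare_{{myId}}, the value broadcast on the next line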
  Broadcast(":3mpCat:3KeyShare:3", myId, keyShare_{{myId}}, originAuthSignature)  # we can send this encrypted but leaving person can read it, hence theoretically it is the same as sending it unencrypted.

Send

Procedure Send
Input: metaMessage, message
  keyShareMessage = NewKeyShareMessage(metaMessage)
  cryptMessage := AES CTR Encrypt(sessionKey,message|keyShareMessage)
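  originAuthSignature := ED25519Sign(SignatureKey, sessionId || cryptMetatMessage)  # cryptMetatMessage is not defined in this procedure; presumably cryptMessage is meant, since Receive verifies the signature over sessionId||encryptedMessage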
  sessionDigest := Compute Session Digest(lastMessage)
  Broadcast(":3mpCat:3", sessionId, cryptMessage, sessionDigest, originAuthSignature,":3")

Receive

Procedure Receive
Input: sender, encryptedMessage, originAuthSignature, sessionDigest
  v:= ED25519VerifySignature(ephemeralPublicKeyList[Sender], sessionId||encryptedMessage, originAuthSignature)
  Assert(v) or return Reject
  message,keyShareMessage:= AES CTR Decrypt(sessionKey, encryptedMessage)
  isMetaMessage=UpdateNewKeyStatus(keyShareMessage)
  Verify Digests(sessionDigest)
  return{isMetaMessage,message}  # isMetaMessage is true if the message is purely meta message and there is nothing to display

Common functions used by other procedures in different stages

Procedure Generate Initial Paramters
Input: myId
  signaturePrivateKey:= RandomBits(256)
  x_{{myId}}:= Ed25519 Scalar(signaturePrivateKey)  # This is both the Diffie-Hellman secret and the ephemeral signature private key
  y_{{myId}}:=x_{{myId}}P
  return x,y


Procedure Verify Key Confirmation and Signatures
Input: signatureList, keyConfirmationList
  for each participant\in participantList, do
    if keyConfirmationList[participant][myId]\neq Hash(k_{{myId,participant}},U_{{myId}}), then
      Halt()
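    else if ED25519VerifySignature(ephemeralPublicKeyList[participant], sessionId|keyShares[myId], originAuthSignature) = Fail , then  # keyShares[myId] and originAuthSignature do not vary with participant; presumably that participant's own key share and signatureList entry are meant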
      Halt()


Procedure Compute Session Id
Input: participantList, ephemeralPublicPointList
  return Hash(roomName,zip(participantList,ephemeralPublicPointList))  # zip([a,b],[c,d]):=[(a,c),(b,d)]


Procedure Verify Signatures
Input: longPublicList,schnorrRandomPointList, 
# standard signature verification


Procedure Sign and Send Key Confirmation and Share
Input: schnorrRandomPointList
  for each participant\in participantList, do
    k_{{myId,participant}}:=Hash(x_{{myId}}LP_{{participant}}|lp_{{myId}}y_{{participant}}|x_{{myId}}y_{{participant}})  # Triple DH
    kc_{{myId}}:=kc_{{myId}}|Hash(k_{{myId,participant}},U_{{participant}})
  global z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)
  global z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)
  keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}
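  originAuthSignature:= ED25519Sign(SignatureKey, sessionId || z_{{myId}})  # z_{{myId}} is not defined above; presumably keyShare_{{myId}}, the value broadcast on the next line, so that receivers can verify the signature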
  Broadcast(":3mpCat:3KeyConfirmationAndShare:3", myId, keyShare_{{myId}}, originAuthSignature, kc_{{myId}})


Procedure Update Session Key
Input: keyShareList
  i:=myId
  for each {j\in [i,...,i+n-1]}, do
     z_{{j,j+1}}:=z_{{j-1,j}}\oplus keyShareList[j+1]
    # recovered z_{{i-1,i}} should be equal to its original value
   global sessionKey:=Hash(z_{{j,j+1}}|j\in [1...n])


Procedure Sign Params Update Session Key
Input: toBeSigned, signatureList,keyShareList
  Update Session Key()
  toBeSigned:=Hash(sessionId,||Hash(verifierList,ephemeralPublicPointList,keyShareList)))
  signature_{{myId}}:=Sign Session and Send(toBeSigned)
  Broadcast(":3mpCat:3SignedSessionParameters:3",signature_{{myId}})


Procedure ComputeSessionDigest
Input: lastMessage
  for each message in Messages Received from lastDigestedMessage+1 till lastMessage, do
     sessionDigest:=Hash(sessionDigest,message) 
     LRU Cache Store Digest(sessionDigest, message)
  return sessionDigest,lastMessageId


Procedure NewKeyShareMessage
Input: metaMessage
# Based on metaMessage, determines what type of key share needs to be sent (ephemeral point or group key share) and returns it.


Procedure UpdateNewKeyStatus
Input: keyShareMessage
# Update the table of which participant has sent its new ephemeral point or its new group key share


Procedure Hash
Input: message
   return SHA-512(message)