MpOTR/algorithm dump

Revision as of 18:56, 28 July 2014 by Vmon (Talk | contribs)

Chatroom setup

Procedure Chatroom Init
Input: newRoomName, participantNick
  Global myId:=1
  Global Nick_{{myId}}:=participantNick
  Global roomName:=newRoomName
  Global x_{{myId}},y_{{myId}}:=  Generate Initial Paramters(myId)
  Global signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})
  participantList:=[Nick_{{myId}}]
  ephemeralPublicPointList:=[y_{{myId}},y_{{other}}]


Procedure Verify Verifier Generate Init Key
Input: schnorrRandomPoint_{{other}}, Hv_{{other}}, v_{{other}}, y_{{other}}, Nick_{{other}}
   Verify Verifiers()
  Global sessionKey:=Hash(x_{{myId}}y_{{other}},sessionId)
  toBeSigned:=Hash(Hash(sessionId||Hash(y_{1},v_{1})||Hash(y_{2},v_{2})))
   Sign Session and Send(toBeSigned)



Join

Procedure Join
Input: newRoomName, Nickname_{{myId}}, participantId
  Global myId:=participantId
  Global roomName:=newRoomName
  x_{{myId}},y_{{myId}}:= Generate Initial Paramters(Participant ID myId)
  Global signatureKey_{{myId}}:=(x_{{myId}},y_{{myId}})
   Broadcast(":3mpCat:3Join:3", myId, Nickname_{{myId}}, y_{{myId}})
  Global participantList,ephemeralPublicPointList:=  Receive()
  Global sessionId:=  Compute Session Id(roomName, participantList, ephemeralPublicPointList)
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global keyShareList,keyConfirmationList,signatureList:=  Receive()
   Verify Key Confirmations and Signatures(keyConfirmationList, signatureList)
   Update Session Key()


Procedure Receive Session Digest
Input: currentSessionHistoryDigest
  Global sessionDigest:=currentSessionHistoryDigest



Protocol for other participants already in the chat to accept the newcomer

Procedure Accept
Input: newParticipant
   Broadcast(":3mpCat:3Join:3", myId, Nickname_{{myId}}, y_{{myId}})
   Wait On Receive(":3mpCat:3Join:3")
  Global nick_{{NewParticipant}}, ephemeralPublicPoint_{{NewParticipant}}:=  Receive()
   Update Lists(nick_{{NewParticipant}}, ephemeralPublicPoint_{{NewParticipant}})
  Global sessionId:=  Compute Session Id(roomName, participantList, ephemeralPublicPointList)
   Sign and Send Key Confirmation and Shares()
   Wait On Receive(":3mpCat:3KeyConfirmationShare:3")
  Global keyShareList,keyConfirmationList,signatureList:=  Receive()
   Verify Key Confirmations and Signatures(keyConfirmationList, signatureList)
   Update Session Key()
   Send(sessionDigest)


Farewell

Procedure Shrink on Leave
Input: leaverId
  Remove leaverId from participantIdList
  Global sessionId:=  Compute Session Id()
 If|participantList|>1, then
   Sign and Send Key Shares()
   Wait On Receive(":3mpCat:3KeyShare:3")
  keyShareList := Receive{}
   Update Session Key(keyShareList)


Procedure Sign and Send Key Shares
Input: 
  Global z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)
  Global z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)
  keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}
  originAuthSignature:=  ED25519Sign(SignatureKey, sessionId || z_{{myId}})
   Broadcast(":3mpCat:3KeyShare:3", myId, keyShare_{{myId}}, originAuthSignature)


Send

Procedure Send
Input: Message}{MetaMessage, message
keyShareMessage =  NewKeyShareMessage(MetaMessage)
cryptMessage :=  AES CTR Encrypt(sessionKey,message|keyShareMessage)
originAuthSignature :=  ED25519Sign(SignatureKey, sessionId || cryptMetatMessage)
sessionDigest :=  Compute Session Digest(lastMessage)
 Broadcast(":3mpCat:3", sessionId, cryptMessage, sessionDigest, originAuthSignature,":3")


Recieve

Procedure Receive
Input: sender, encryptedMessage, originAuthSignature, sessionDigest
v:=  ED25519VerifySignature(ephemeralPublicKeyList[Sender], sessionId||encryptedMessage, originAuthSignature)
 Assert(v)
message,keyShareMessage:=  AES CTR Decrypt(sessionKey, encryptedMessage)
isMetaMessage= UpdateNewKeyStatus(keyShareMessage)
 Verify Digests(sessionDiges)
Return{isMetaMessage,message}


\subsection{Common functions}


Common functions used by other procedures in different stages

Procedure Generate Initial Paramters
Input: myId
  signaturePrivateKey:=  RandomBits(256)
  x_{{myId}}:=  Ed25519 Scalar(signaturePrivateKey))
  y_{{myId}}:=x_{{myId}}P
 Return x,y


Procedure Verify Key Confirmation and Signatures
Input: signatureList, keyConfirmationList
  For each participant\in participantList}, do
    \If{keyConfirmationList[participant][myId]\neq Hash(k_{{myId,participant}},U_{{myId}})}
       Halt()
     ' \If{ ED25519VerifySignature(ephemeralPublicKeyList[particicpant], sessionId||keyShares[myId], originAuthSignature)'
       Halt()


Procedure Compute Session Id
Input: participantList, ephemeralPublicPointList
  Return Hash(roomeName,zip(participantList,ephemeralPublicPointList)) # zip([a,b],[c,d]):=[(a,c),(b,d)]


Procedure Verify Signatures
Input: longPublicList,schnorrRandomPointList, 


Procedure Sign and Send Key Confirmation and Share
Input: schnorrRandomPointList
For each participant\in participantList, do
    k_{{myId,participant}}:=H(g^{{lp_{{myId}}}}LP_{{participant}}y_{{participant}}^{{x_{{myId}}}}) # Triple DH
    kc_{{myId}}:=kc_{{myId}}|H(k_{{myId,participant}},U_{{participant}})


  Global z_{{myId-1,myId}}:=Hash(k_{{myId,myId-1}},sessionId)
  Global z_{{myId,myId+1}}:=Hash(k_{{myId,myId+1}},sessionId)
  keyShare_{{myId}}:=z_{{myId-1,myId}}\oplus z_{{myId,myId+1}}


    originAuthSignature:=  ED25519Sign(SignatureKey, sessionId || z_{{myId}})
   Broadcast(":3mpCat:3KeyConfirmationAndShare:3", myId, keyShare_{{myId}}, originAuthSignature, kc_{{myId}})


Procedure Update Session Key
Input: keyShareList
i:=myId

For each {j\in [i,...,i+n-1]}}, do

  z_{{j,j+1}}:=z_{{j-1,j}}\oplus keyShareListe[j+1]
# recovered z_{{i-1,i}} should be equal to its original value
Global sessionKey:=Hash(z_{{j,j+1}}|j\in [1...n])


Procedure Sign Params Update Session Key
Input: toBeSigned, signatureList, keyShareList
 Update Session Key()
toBeSigned:=Hash(sessionId,||Hash(verifierList,ephemeralPublicPointList,keyShareList)))
signature_{{myId}}:= Sign Session and Send(toBeSigned)
 Broadcast(":3mpCat:3SignedSessionParameters:3",signature_{{myId}})


Procedure ComputeSessionDigest
Input: lastMessage

For each message in Messages Received from lastDigestedMessage+1 till lastMessage}, do

sesionDigest:=  Hash(sessionDigest, message)
 LRU Cache Store Digest(sessionDigest, message)
Return sessionDigest,lastMessageId