Np1sec/algebraic

Revision as of 06:29, 11 September 2014 by Vmon

Chatroom Setup

Description Pseudo-code
Generate ephemeral DH private key of the room initiator x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Set participant list plist\leftarrow [U_{i}]

Join

Description Pseudo-code
Generate ephemeral DH private key x_{i}\leftarrow [0,order(g)]
Generate DH key for BD, Triple DH and Signature y_{i}\leftarrow g^{{x_{i}}}
Broadcast User identity and the DH key (U_{i},y_{i})
Receive other users' id/key plist_{i}|klist_{i}\leftarrow (U_{1}|y_{1}|\dots |U_{n}|y_{n})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P keys k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})
Generate key confirmations kc_{i}\leftarrow (H(k_{{i,1}},U_{1}),\dots ,H(k_{{i,n}},U_{n}))
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares and confirmation (U_{1}|z_{1},\sigma _{1},kc_{{1i}},\dots U_{n}|z_{n},\sigma _{n},kc_{{ni}})
Check validity of key confirmation kc_{i}[j]==kc_{j}[i]\ {\textrm {for}}\ j\in \{1,\dots ,n\}
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j})\ {\textrm {for}}\ j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})
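
The share steps of the Join table, as an added Python example (not code from the np1sec project). It assumes SHA-256 with length-prefixed fields for H, ring indices that wrap around (participant 1's left neighbour is participant n), and random 32-byte values standing in for the Triple DH pairwise keys k_{i,j}.

```python
import hashlib, os
from functools import reduce

def H(*parts: bytes) -> bytes:
    # Length-prefix each field so distinct tuples never hash alike (assumed encoding).
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_pairwise_keys(n):
    # Constructed stand-in for the Triple DH keys: k[i][j] == k[j][i].
    k = [[b""] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            k[i][j] = k[j][i] = os.urandom(32)
    return k

def shares(i, k, sid):
    n = len(k)
    left = H(k[i][(i - 1) % n], sid)      # z'_{i,l}
    right = H(k[i][(i + 1) % n], sid)     # z'_{i,r}
    return left, right, xor(left, right)  # z_i is the public share

def shares_consistent(z):
    # z_1 xor ... xor z_n == 0: each secret share enters the sum exactly twice.
    return reduce(xor, z) == bytes(len(z[0]))

def session_key(i, own_right, z, sid):
    # Walk the ring from our own z'_{i,r}: z'_{j,r} = z'_{j-1,r} xor z_j.
    n = len(z)
    rights = [b""] * n
    rights[i] = own_right
    for step in range(1, n):
        j = (i + step) % n
        rights[j] = xor(rights[(j - 1) % n], z[j])
    return H(*rights, sid)                # k_i

def run_room(n=4, sid=b"constructed-sid"):
    k = make_pairwise_keys(n)
    own = [shares(i, k, sid) for i in range(n)]
    z = [s[2] for s in own]
    keys = [session_key(i, own[i][1], z, sid) for i in range(n)]
    return z, keys
```

Every participant recovers the same list of right-hand shares and therefore the same k_i; a public share altered in transit breaks the XOR-to-zero check before any key is derived.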

Accept

Description Pseudo-code
Broadcast all users' identities (U_{1}|y_{1}|\dots |U_{n}|y_{n})
Receive other users' id/key and update participant list (plist_{i}|klist_{i})\cup (U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate Triple Diffie-Hellman P2P key for the new participant k_{{i,j}}\leftarrow H({y_{j}}^{{lp_{i}}},LP_{j}^{{x_{i}}},y_{j}^{{x_{i}}})
Generate key confirmations kc_{{i,j}}\leftarrow H(k_{{i,j}},U_{i})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares and confirmation (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares and new users confirmation (U_{1}|z_{1},\sigma _{1},\dots U_{n}|z_{n},\sigma _{n}),kc_{{i,j}}
Check validity of key confirmation kc_{{j,i}}==H(k_{{i,j}},U_{j})
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j})\ {\textrm {for}}\ j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})

Leave

Description Pseudo-code
Remove leaving user's id/key and update participant list plist_{i}|klist_{i}{\textrm  {remove}}(U_{j}|y_{j})
Compute Session Id sid_{i}\leftarrow H(U_{1}|y_{1}|\dots |U_{n}|y_{n})
Generate key confirmations kc_{i}\leftarrow H(k_{{i,j}},U_{j})
Generate secret shares z'_{{i,l}}\leftarrow H(k_{{i,i-1}},sid_{i}),z'_{{i,r}}\leftarrow H(k_{{i,i+1}},sid_{i})
Generate public shares z_{i}\leftarrow z'_{{i,l}}\oplus z'_{{i,r}}
Sign identity, shares \sigma _{i}\leftarrow Sign_{{x_{i}}}(U_{i},z_{i},sid)
Broadcast key shares (U_{i},z_{i},\sigma _{i},kc_{i})
Receive other users' key shares (U_{1}|z_{1},\sigma _{1},\dots U_{n}|z_{n},\sigma _{n})
Check validity of key confirmation kc_{i}[j]==kc_{j}[i]
Check public shares z_{1}\oplus \dots \oplus z_{n}==0
Check signatures verify_{{y_{i}}}(\sigma _{j})\ {\textrm {for}}\ j\in \{1,\dots ,n\}
Recover secret shares z'_{{j,r}}\leftarrow z'_{{j-1,r}}\oplus z_{j}
Generate session key k_{i}\leftarrow H(z'_{{1,r}}\dots z'_{{n,r}},sid_{i})
Broadcast session key confirmation skc_{i}\leftarrow H(k_{i},sid_{i},U_{i})


Send

Description Pseudo-code
Generate new DH Key or new key share if needed and append m\leftarrow (sid,s,m)
Append the hash of the session digest up to parent of current message m\leftarrow (m,Digest(parent(m)),parent\_id)
Sign the message \sigma \leftarrow Sign_{{x_{i}}}(m)
Encrypt e\leftarrow Enc_{{k_{sid}}}(m)
Broadcast the message (sid_{i},e,\sigma )

Receive

Description Pseudo-code
Check signature verify(m)==(m,\sigma )
Decrypt message sid_{{rec}},s,m,h,parent\_id\leftarrow Dec_{k}(m)
Verify session id and hash \sigma \leftarrow sid_{i}==sid_{{rec}}\ \&\ h==Digest(parent\_id)
Update key share or session key (y_{j},z_{{ji}})
return m m