Signal Protocol - Learnings

Protocol Overview

Participants: Initiator (Alice), Server, Responder (Bobby)

[Registration]
1. long-term identity key (ik)
2. medium-term "signed prekey" (prek)
3. multiple short term "one-time prekeys" keys (eprek)
4. signature to prek using ik
send public pub keys of 1~4 (pre-key bundle)
generate ik, prek, eprek, sign prek w ik
send pre-key bundle (ipk, prepk, sig of prepk w ik, multiple eprepk)

[Alice Session Setup]
request Bobby PubKeys
ipk-b, prepk-b, sig of prepk-b, eprepk-b (if available)
removes the sent eprepk-b
generate ephemeral ratchet public key (rchpk) and ephemeral key (ek/epk)
calculates master secret (ms) with several ECDH (1)
use HKDF and derive root key/chaining keys (rk, ck) from ms
rchpk-a & epk-a & ipk-a, identifier for eprepk-b used, message (hi!)
makes sure bobby knows which ik, prek, eprek Alice used

[Bobby Session Setup]
derives ms with received keys

[Symmetric ratchet stage]
loop [Until Bobby responds]
KDF(ck) -> new mk & updated ck
encrypt message, delete old ck
second message (how are you?), new eprk

[Asymmetric ratchet stage]
generate eprk
derive ck, mk
encrypt message
eprk, first message (hello!)
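
The "use HKDF and derive root key/chaining keys (rk, ck) from ms" and "KDF(ck) -> new mk & updated ck" steps, sketched as an added example that is not part of the original note. Assumptions: SHA-256 throughout, a hypothetical HKDF info label, a constructed stand-in for ms (the ECDH computations are not shown), and HMAC with the single-byte constants 0x01/0x02 as the chain KDF, which is the construction the Double Ratchet specification recommends; message encryption is left out.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"\x00" * 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_rk_ck(ms: bytes) -> tuple[bytes, bytes]:
    """ms -> (rk, ck). The info label is a hypothetical placeholder."""
    okm = hkdf_sha256(ms, b"example-session", 64)
    return okm[:32], okm[32:]

def kdf_ck(ck: bytes) -> tuple[bytes, bytes]:
    """One symmetric ratchet step: KDF(ck) -> (new mk, updated ck)."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    next_ck = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return mk, next_ck

class Chain:
    """Holds only the current ck; each step overwrites it (delete old ck)."""
    def __init__(self, ck: bytes):
        self._ck = ck
        self.steps = 0

    def next_mk(self) -> bytes:
        mk, self._ck = kdf_ck(self._ck)
        self.steps += 1
        return mk

def demo():
    # Constructed stand-in for the ms that the ECDH computations would produce.
    ms = hashlib.sha256(b"constructed master secret").digest()
    rk, ck = derive_rk_ck(ms)
    alice, bobby = Chain(ck), Chain(ck)  # both sides start from the same ck
    # Alice sends three messages before Bobby responds; Bobby steps his copy
    # of the chain once per received message and gets the same mk each time.
    sent = [alice.next_mk() for _ in range(3)]
    received = [bobby.next_mk() for _ in range(3)]
    return rk, ck, sent, received

if __name__ == "__main__":
    rk, ck, sent, received = demo()
    print("keys match:", sent == received, "| distinct mks:", len(set(sent)))
```

Because each chain step is one-way and the old ck is overwritten, a ck captured after message n does not yield the mk of any earlier message.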