[messaging] Axolotl questions
sunnym at gmail.com
Mon Dec 15 13:03:44 PST 2014
Thanks for the prompt answer.

> In other asynchronous protocols (e.g. TextSecure) the initial setup
> just requires server contact to retrieve the recipient's "prekeys",
> and a bunch of computation. But even then, repeating this for every
> message would have more communication and computation costs than
> necessary, and relying entirely on prekeys for forward secrecy would
> have some downsides (one-time prekeys can be consumed; time-based
> prekeys have longer lifetimes),

I was thinking about something like this:

    DHRs = generateECDH()
    RK = HASH( DH(A, DHRr) || DH(DHRs, B) || DH(DHRs, DHRr) )
    ratchet_flag = False

> so it's nice to take advantage of
> symmetric-key ratcheting.

But ratcheting involves a DH - otherwise we lose the future secrecy, no?

    RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) )
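The two derivations written in the message above, computed from both the sender's and the recipient's side, as an added example that is not part of the original post. It assumes X25519 for DH and SHA-256 for HASH and HMAC-HASH; the KDF expansion and all function names are hypothetical choices made for illustration.

```python
import hashlib, hmac, os
P = 2**255 - 19
G = (9).to_bytes(32, "little")  # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder; not constant time, illustration only."""
    s = (int.from_bytes(k, "little") & ~7 & ~(1 << 255)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, G)

def root_key(dh1, dh2, dh3):
    # RK = HASH( DH(A, DHRr) || DH(DHRs, B) || DH(DHRs, DHRr) ), HASH assumed SHA-256
    return hashlib.sha256(dh1 + dh2 + dh3).digest()

def ratchet(rk, dh_out):
    # RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ); the KDF is an assumed
    # counter-mode HMAC expansion, chosen only to produce three 32-byte outputs.
    prk = hmac.new(rk, dh_out, hashlib.sha256).digest()
    return tuple(hmac.new(prk, bytes([i]), hashlib.sha256).digest() for i in (1, 2, 3))

def demo():
    a, A = keypair()         # sender identity key
    b, B = keypair()         # recipient identity key
    r, DHRr = keypair()      # recipient ratchet key, known to the sender in advance
    s, DHRs = keypair()      # sender's freshly generated ratchet key
    # Sender holds privates (a, s); recipient holds privates (b, r).
    rk_s = root_key(x25519(a, DHRr), x25519(s, B), x25519(s, DHRr))
    rk_r = root_key(x25519(r, A), x25519(b, DHRs), x25519(r, DHRs))
    step_s = ratchet(rk_s, x25519(s, DHRr))
    step_r = ratchet(rk_r, x25519(r, DHRs))
    return rk_s == rk_r, step_s == step_r

if __name__ == "__main__": print(demo())
```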