[messaging] Axolotl questions

Sunny Marueli sunnym at gmail.com
Mon Dec 15 04:16:39 PST 2014


I've been looking at the Axolotl Ratchet protocol and have a few questions:

- If a message is lost, it seems one must try to decrypt an incoming
message with different keys, one after the other. This seems wasteful - why
not maintain a "ratchet count" that can map directly to the right root key
to use?

- Key chaining means all previous keys in the chain are required. Why not
instead "reuse" the original handshake?
That is, initially Alice and Bob send their identity keys (IDa, IDb) and
ephemeral keys (A0, B0). Now, if Alice wants to perform a ratchet, she will
generate a new key pair (A1) and then perform the handshake again with IDa,
IDb, A1, B0 (it will indicate it is using the B0 for the handshake). Bob
will then create B1 and will perform 3DHE with IDa, IDb, A1, B1, ...

This seems somewhat simpler than Axolotl, but allows a simpler handling of
missing messages.

What am I missing?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141215/54758db1/attachment.html>

More information about the Messaging mailing list