[messaging] Asynchronous Ratcheting Tree

Jeff Burdges burdges at gnunet.org
Tue Jan 9 11:48:14 PST 2018

On Tue, 2018-01-09 at 12:34 +0000, Ximin Luo wrote:
> I was just forwarded this: https://eprint.iacr.org/2017/666
> It looks very nice. However, on a quick glance through the paper, it doesn't define a way to merge operations performed on the DH group tree. That seems to constrain the group chat to rely on some external mechanism to ensure that operations on the ratchet are performed (by everyone) in a linear order.

I'd expect your root keys would form a directed acyclic graph without
any canonical rootkey:

You build the mapping from (contact, H(rootkey)) to H(contact,rootkey)
for all contacts and recent root keys.  Any message that updates a root
key contains a list of H(rootkey) to incorporate, so those can use the
H(contact,rootkey) and discard them along with antecedents.

We must use HMAC(contact,rootkey) rather than rootkey itself so that
rootkey does not lie around waiting for some lazy guy who never replies.
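Jeff's sketch above, as a small added simulation that is not code from the thread or from the ART paper: root keys form a DAG identified by H(rootkey); each member stores only HMAC(contact, rootkey) per contact, never the rootkey itself; and a message that references root-key ids consumes those per-contact keys and prunes them together with every antecedent. The class and method names, the choice of SHA-256 and HMAC-SHA256, and the sample contacts and keys are assumptions.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # H(rootkey): the identifier a message uses to reference a root key
    return hashlib.sha256(data).digest()


def key_for(contact: bytes, rootkey: bytes) -> bytes:
    # HMAC(contact, rootkey): the only value kept per (contact, root key)
    return hmac.new(contact, rootkey, hashlib.sha256).digest()


class RootKeyDag:
    def __init__(self, contacts):
        self.contacts = list(contacts)
        self.parents = {}   # H(rootkey) -> set of parent H(rootkey); the DAG
        self.derived = {}   # (contact, H(rootkey)) -> HMAC(contact, rootkey)

    def add_rootkey(self, rootkey: bytes, parent_ids) -> bytes:
        # Derive per-contact keys, then drop rootkey; only its hash survives as an id.
        rid = h(rootkey)
        self.parents[rid] = set(parent_ids)
        for c in self.contacts:
            self.derived[(c, rid)] = key_for(c, rootkey)
        return rid

    def antecedents(self, rid: bytes) -> set:
        # rid plus everything reachable through parent links (still held locally)
        seen, stack = set(), [rid]
        while stack:
            x = stack.pop()
            if x in seen or x not in self.parents:
                continue
            seen.add(x)
            stack.extend(self.parents[x])
        return seen

    def incorporate(self, contact: bytes, referenced) -> dict:
        # A message from `contact` lists H(rootkey) ids to incorporate: hand back the
        # matching HMAC(contact, rootkey) values, then discard them with antecedents.
        used = {rid: self.derived.get((contact, rid)) for rid in referenced}
        to_drop = set()
        for rid in referenced:
            to_drop |= self.antecedents(rid)
        for rid in to_drop:
            self.parents.pop(rid, None)
            for c in self.contacts:
                self.derived.pop((c, rid), None)
        return used
```

Two concurrent updates that fork from one ancestor (r1 and r2 both from r0) merge when a single message references both, while an unrelated branch is left untouched.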

