@@ -8,7 +8,7 @@ Bramble QR Code Protocol (BQP) is a key agreement protocol that establishes a sh
Each peer displays a QR code containing a commitment to an ephemeral public key and information about how to connect to the peer over various short-range transports. The peers scan each other's QR codes and use the transport information to establish an insecure connection. The peers then exchange public keys matching their commitments over the insecure connection.
Each peer derives a shared secret from its own private key and the received public key, then derives a master key from the shared secret. The master key is returned to the calling application, which may use it to derive other keys for communicating securely over the transport connection, or for other purposes.
Each peer derives a shared secret from its own private key and the received public key, then derives an ephemeral master key from the shared secret. The peers exchange confirmation codes to verify that they have received each other's public keys. The master key is returned to the calling application, which may use it to derive other keys for communicating securely over the transport connection, or for other purposes.
### 1.2 Adversary Model
...
...
@@ -138,9 +138,9 @@ Each peer knows it has received the correct public key because it has compared t
Alice sends a CONFIRM record containing confirm\_a. Bob compares the received confirm\_a to the confirm\_a he calculated. If the values do not match, Bob aborts the protocol.
...
...
@@ -148,9 +148,9 @@ Bob sends a CONFIRM record containing confirm\_b. Alice compares the received co
## 5 Master Key Derivation Phase
Finally, each peer derives the master key from the cooked shared secret:
Finally, each peer derives the ephemeral master key from the cooked shared secret:
The peers must then delete the raw and cooked shared secrets, allowing the calling application to use the master key for forward secret communication if required.