Skip to content
Snippets Groups Projects
Commit 16ae285f authored by akwizgran's avatar akwizgran
Browse files

Fix description of confirmation code derivation.

parent a49c5e61
No related branches found
No related tags found
No related merge requests found
......@@ -8,7 +8,7 @@ Bramble QR Code Protocol (BQP) is a key agreement protocol that establishes a sh
Each peer displays a QR code containing a commitment to an ephemeral public key and information about how to connect to the peer over various short-range transports. The peers scan each other's QR codes and use the transport information to establish an insecure connection. The peers then exchange public keys matching their commitments over the insecure connection.
Each peer derives a shared secret from its own private key and the received public key, then derives a master key from the shared secret. The master key is returned to the calling application, which may use it to derive other keys for communicating securely over the transport connection, or for other purposes.
Each peer derives a shared secret from its own private key and the received public key, then derives an ephemeral master key from the shared secret. The peers exchange confirmation codes to verify that they have received each other's public keys. The master key is returned to the calling application, which may use it to derive other keys for communicating securely over the transport connection, or for other purposes.
### 1.2 Adversary Model
......@@ -138,9 +138,9 @@ Each peer knows it has received the correct public key because it has compared t
- confirmation\_key = KDF(cooked\_secret, "org.briarproject.bramble.keyagreement/CONFIRMATION\_KEY")
- confirm\_a = MAC(confirmation\_key, "org.briarproject.bramble.keyagreement/CONFIRMATION\_MAC", q\_a, pub\_a, q\_b, pub\_b)
- confirm\_a = KDF(confirmation\_key, "org.briarproject.bramble.keyagreement/CONFIRMATION\_MAC", q\_a, pub\_a, q\_b, pub\_b)
- confirm\_b = MAC(confirmation\_key, "org.briarproject.bramble.keyagreement/CONFIRMATION\_MAC", q\_b, pub\_b, q\_a, pub\_a)
- confirm\_b = KDF(confirmation\_key, "org.briarproject.bramble.keyagreement/CONFIRMATION\_MAC", q\_b, pub\_b, q\_a, pub\_a)
Alice sends a CONFIRM record containing confirm\_a. Bob compares the received confirm\_a to the confirm\_a he calculated. If the values do not match, Bob aborts the protocol.
......@@ -148,9 +148,9 @@ Bob sends a CONFIRM record containing confirm\_b. Alice compares the received co
## 5 Master Key Derivation Phase
Finally, each peer derives the master key from the cooked shared secret:
Finally, each peer derives the ephemeral master key from the cooked shared secret:
- master\_key = KDF(cooked\_secret, "org.briarproject.bramble.keyagreement/MASTER\_SECRET")
- ephemeral\_master\_key = KDF(cooked\_secret, "org.briarproject.bramble.keyagreement/MASTER\_SECRET")
The peers must then delete the raw and cooked shared secrets, allowing the calling application to use the master key for forward secret communication if required.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment