Skip to content
Snippets Groups Projects
Commit a49c5e61 authored by akwizgran's avatar akwizgran
Browse files

Clarify proof of ownership in BHP.

parent 91329da1
No related branches found
No related tags found
No related merge requests found
......@@ -107,9 +107,9 @@ If the adversary did not intercept the prior exchange of long-term public keys a
### 2.4 Proof of Ownership
The master key depends on both peers' long-term and ephemeral public keys, as well as on shared secrets that can only be derived by the owners of those keys. Each peer sends a message authentication code to prove that it has derived the correct master key, which in turn proves that it owns the long-term and ephemeral public keys received by the other peer, and has received the long-term and ephemeral public keys sent by the other peer.
The master key depends on both peers' long-term and ephemeral public keys, as well as on shared secrets that can only be derived by the owners of those keys. Each peer sends proof that it has derived the correct master key, which in turn proves that it owns the long-term and ephemeral public keys received by the other peer, and has received the long-term and ephemeral public keys sent by the other peer.
Each peer calculates its own message authentication code and the code it expects to receive from the other peer. If the code received from the other peer differs from the expected code then the peer must abort the protocol.
Each peer calculates its own proof and the proof it expects to receive from the other peer. If the proof received from the other peer differs from the expected proof then the peer must abort the protocol.
- alice\_proof = MAC(master\_key, "org.briarproject.bramble.handshake/ALICE\_PROOF")
- bob\_proof = MAC(master\_key, "org.briarproject.bramble.handshake/BOB\_PROOF")
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment