Verified Commit 08b065ab authored by Nadim Kobeissi's avatar Nadim Kobeissi 💎

Remove constants from signal model

parent 42fd84bc
......@@ -4,13 +4,11 @@
attacker[active]
principal Alice[
knows public c0, c1, c2, c3, c4
knows private alongterm
galongterm = G^alongterm
]
principal Bob[
knows public c0, c1, c2, c3, c4
knows private blongterm, bs
generates bo
gblongterm = G^blongterm
......@@ -24,8 +22,8 @@ Bob -> Alice: [gblongterm], gbssig, gbs, gbo
principal Alice[
generates ae1
gae1 = G^ae1
amaster = HASH(c0, gbs^alongterm, gblongterm^ae1, gbs^ae1, gbo^ae1)
arkba1, ackba1 = HKDF(amaster, c1, c2)
amaster = HASH(nil, gbs^alongterm, gblongterm^ae1, gbs^ae1, gbo^ae1)
arkba1, ackba1 = HKDF(amaster, nil, nil)
]
principal Alice[
......@@ -33,22 +31,22 @@ principal Alice[
gae2 = G^ae2
_ = SIGNVERIF(gblongterm, gbs, gbssig)?
akshared1 = gbs^ae2
arkab1, ackab1 = HKDF(akshared1, arkba1, c2)
akenc1, akenc2 = HKDF(MAC(ackab1, c3), c1, c4)
arkab1, ackab1 = HKDF(akshared1, arkba1, nil)
akenc1, akenc2 = HKDF(MAC(ackab1, nil), nil, nil)
e1 = AEAD_ENC(akenc1, m1, HASH(galongterm, gblongterm, gae2))
]
Alice -> Bob: [galongterm], gae1, gae2, e1
principal Bob[
bmaster = HASH(c0, galongterm^bs, gae1^blongterm, gae1^bs, gae1^bo)
brkba1, bckba1 = HKDF(bmaster, c1, c2)
bmaster = HASH(nil, galongterm^bs, gae1^blongterm, gae1^bs, gae1^bo)
brkba1, bckba1 = HKDF(bmaster, nil, nil)
]
principal Bob[
bkshared1 = gae2^bs
brkab1, bckab1 = HKDF(bkshared1, brkba1, c2)
bkenc1, bkenc2 = HKDF(MAC(bckab1, c3), c1, c4)
brkab1, bckab1 = HKDF(bkshared1, brkba1, nil)
bkenc1, bkenc2 = HKDF(MAC(bckab1, nil), nil, nil)
m1_d = AEAD_DEC(bkenc1, e1, HASH(galongterm, gblongterm, gae2))
]
......@@ -56,8 +54,8 @@ principal Bob[
generates m2, be
gbe = G^be
bkshared2 = gae2^be
brkba2, bckba2 = HKDF(bkshared2, brkab1, c2)
bkenc3, bkenc4 = HKDF(MAC(bckba2, c3), c1, c4)
brkba2, bckba2 = HKDF(bkshared2, brkab1, nil)
bkenc3, bkenc4 = HKDF(MAC(bckba2, nil), nil, nil)
e2 = AEAD_ENC(bkenc3, m2, HASH(gblongterm, galongterm, gbe))
]
......@@ -65,8 +63,8 @@ Bob -> Alice: gbe, e2
principal Alice[
akshared2 = gbe^ae2
arkba2, ackba2 = HKDF(akshared2, arkab1, c2)
akenc3, akenc4 = HKDF(MAC(ackba2, c3), c1, c4)
arkba2, ackba2 = HKDF(akshared2, arkab1, nil)
akenc3, akenc4 = HKDF(MAC(ackba2, nil), nil, nil)
m2_d = AEAD_DEC(akenc3, e2, HASH(gblongterm, galongterm, gbe))
]
......@@ -74,8 +72,8 @@ principal Alice[
generates m3, ae3
gae3 = G^ae3
akshared3 = gbe^ae3
arkab3, ackab3 = HKDF(akshared3, arkba2, c2)
akenc5, akenc6 = HKDF(MAC(ackab3, c3), c1, c4)
arkab3, ackab3 = HKDF(akshared3, arkba2, nil)
akenc5, akenc6 = HKDF(MAC(ackab3, nil), nil, nil)
e3 = AEAD_ENC(akenc5, m3, HASH(gblongterm, galongterm, gae3))
]
......@@ -83,8 +81,8 @@ Alice -> Bob: gae3, e3
principal Bob[
bkshared3 = gae3^be
brkab3, bckab3 = HKDF(bkshared3, brkba2, c2)
bkenc5, bkenc6 = HKDF(MAC(bckab3, c3), c1, c4)
brkab3, bckab3 = HKDF(bkshared3, brkba2, nil)
bkenc5, bkenc6 = HKDF(MAC(bckab3, nil), nil, nil)
m3_d = AEAD_DEC(bkenc5, e3, HASH(gblongterm, galongterm, gae3))
]
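Review bot: The `nil` arguments now passed to `HASH`, `HKDF` and `MAC` (for example `HKDF(amaster, nil, nil)` and `HKDF(MAC(ackab1, nil), nil, nil)`) no longer show which positions held the public labels `c0`–`c4`, so the model has lost its record of where the protocol separates key derivations by context. Since those constants were declared `knows public`, the substitution presumably leaves the symbolic results unchanged, but a reader porting this model to code could take the empty inputs literally. A one-line comment near the top of the file would keep that intent, e.g. `// nil stands in for fixed public protocol labels (formerly c0..c4); implementations must keep a distinct label per derivation`. The Alice and Bob derivations are changed symmetrically in the visible hunks, which the derived keys need in order to stay equal; the queries lie outside the shown hunks, so re-running them is the way to confirm nothing shifted.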
......