libhydrogen icon indicating copy to clipboard operation
libhydrogen copied to clipboard

Published 20 hours ago verified publisher icon jedisct1

How to send a message using KK_variant Key exchange?

Open KamiK2K opened this issue 3 years ago • 6 comments

Hi,

In my case server and the client know their peer's public keys and I am using KK-Variant Key exchange algorithm to perform an Asymmetric encryption. I need to encrypt a message using a remote device's public key and send it to the remote device, and vice versa.

How does this message transfer work in the KK variant, I don't understand how to use session_kp.tx and session_kp.rx to send and receive the data to and from a remote device respectively.

Has anybody done this before that can help me please?

Thanks

KamiK2K avatar Aug 03 '22 22:08 KamiK2K

Have you already found the wiki article on the KK-variant?

Crest avatar Aug 03 '22 22:08 Crest

Thank you for your answer @Crest , Yes I read most of the wiki documentation for this library along with KK_Variant and secretbox. Based on the Author's comment here ; I believe that we can use this same secretbox function for asymmetric encryption when we have computed the keys from on of the key exchange mechanisms. Is this correct?

If it is, will the authentication tags be verified with asymmetric keys?

I have not tested this scenario, I will update this thread after I test this idea and let you know if it works or not.

I am little bit confused on how to use the KK-Variant and send a encrypted message to a remote device and vice versa.

Any help is truly appreciated, Kami

KamiK2K avatar Aug 04 '22 16:08 KamiK2K

After the key exchange (using KK or any other mechanism), you end up with two keys.

Use the first one as a secretbox key to send data in one direction (for example for messages sent by the initiator to the receiver), and the second one also with secretbox in the other direction (for example for messages sent by the receiver to the initiator).

jedisct1 avatar Aug 04 '22 17:08 jedisct1

Thank you for your response @jedisct1 I think I got your point, thank you for your support and help.

KamiK2K avatar Aug 04 '22 17:08 KamiK2K

Hi Again,

Note: I am using hydro_sign_keygen () function to generate the keys for both sides then I clamp the private key (secret key) of the client and the server to reduce their size from 64 Bytes to 32 Bytes.

I am using KK_Variant and calling hydro_kx_kk_1( ) function, which initializes the client_st variable, and writes to packet1;

Then when I call the second function hydro_kx_kk_2( ) and pass packet1 along with the peer's public key and local device's (server's) key pair, it doesn't load packet2 and does not generate the session key pair for the server,

when I check the following conditional statement:

if (hydro_kx_kk_2(&session_kp, packet2, packet1, client_static_kp.pk, &server_static_kp) != 0) { // abort } it doesn't enter inside the if statement, which means the function operates properly as intended, but I don't get the outputs that I need from this function!

Similar thing happens for my hydro_kx_kk_3 () function call.

Can somebody let me know what am I missing in using this function?

Any help is much appreciated :) Kami

KamiK2K avatar Aug 05 '22 15:08 KamiK2K

I think I got my answer on Authors comment on isuue8 where he says:

kx_keypair() "clamps" the secret scalar. The 3 low bits are cleared to make it a multiple of the cofactor, and prevent small subgroup attacks. Since a single party is required for signing, sign_keypair() doesn't perform this clamping operation. Using a key exchange key pair for signatures will work, but not the other way round.

Thank you :)

KamiK2K avatar Aug 05 '22 16:08 KamiK2K