go-secretstream

fix key derivation

Open david415 opened this issue 7 years ago • 2 comments

According to @dominictarr's secret-handshake paper, the shared secret resulting from the secret handshake is:

K|a · b|a · B|A · b

where in your code you use a · b and concatenate it with a public key before hashing to derive the shared secret for each unidirectional stream.

david415, Mar 15 '17 15:03

Ah, this is about setting up box-stream (encryption for the rest of the session) which isn't described in the paper (because it's just about the handshake). The paper is good at describing the reasoning behind the protocol, but we need something more exact (algorithms, and byte lengths, etc) for implementers.

dominictarr, Mar 15 '17 21:03

I suppose it makes sense to start with the shared secret negotiated by the handshake and then concatenate that with ephemeral public keys to split the shared secret into two shared secrets, one for each direction of stream flow.

"Alice and Bob can now use their shared secret, K|a · b|a · B|A · b, with a bulk encryption protocol to secure a two-way communication channel."

david415, Mar 15 '17 22:03
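
The derivation proposed in the last comment, as an added Go example that is not code from go-secretstream or from the secret-handshake paper: both sides compute K|a · b|a · B|A · b, hash it, then hash it again with the receiver's ephemeral public key to get one key per direction. SHA-256, plain concatenation, the sample value of K, and long-term keys that are already X25519 keys are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // includes X25519 rejecting an all-zero shared point
	}
	return v
}

func gen() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

func dh(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte { return must(priv.ECDH(pub)) }

// handshakeSecret hashes K | a·b | a·B | A·b (SHA-256 is an assumption).
func handshakeSecret(k, ab, aB, Ab []byte) [32]byte {
	return sha256.Sum256(bytes.Join([][]byte{k, ab, aB, Ab}, nil))
}

// directionKey derives one direction's key: hash(secret | receiver's ephemeral public key).
func directionKey(secret [32]byte, receiverEph *ecdh.PublicKey) [32]byte {
	return sha256.Sum256(append(secret[:], receiverEph.Bytes()...))
}

// demo runs both sides; returns Alice's send key, Bob's receive key, Bob's send key.
func demo() (aliceSend, bobRecv, bobSend [32]byte) {
	k := []byte("constructed sample network key K")
	a, A, b, B := gen(), gen(), gen(), gen() // lowercase ephemeral, uppercase long-term
	ap, Ap, bp, Bp := a.PublicKey(), A.PublicKey(), b.PublicKey(), B.PublicKey()
	// Alice holds a, A and sees Bob's public keys; Bob holds b, B and sees Alice's.
	sAlice := handshakeSecret(k, dh(a, bp), dh(a, Bp), dh(A, bp))
	sBob := handshakeSecret(k, dh(b, ap), dh(B, ap), dh(b, Ap))
	return directionKey(sAlice, bp), directionKey(sBob, bp), directionKey(sBob, ap)
}

func main() {
	send, recv, back := demo()
	fmt.Println("alice->bob keys agree:", send == recv)
	fmt.Println("directions differ:    ", send != back)
}
```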