Commit

Final section
expede committed Jul 12, 2023
1 parent 4329702 commit 1efeb25
Showing 1 changed file with 17 additions and 7 deletions.
24 changes: 17 additions & 7 deletions README.md
Expand Up @@ -60,11 +60,25 @@ Each encrypted payload MUST include a unique 24-byte [initialization vector][IV]

### 2.1.2 Diffie-Hellman Key Derivation

AWAKE MUST use [HKDF] to derive keys. Key derivation in the AWAKE handshake MUST use the following algorithms:
AWAKE MUST use [HKDF] to derive keys. Key derivation in the AWAKE handshake MUST use the following algorithm:

``` javascript
// JS-flavored Pseudocode

const ecdhSecret = ecdh(aliceSk, bobPk)
const awakeTag = 0x4157414B452D5543414E // "AWAKE-UCAN" as hex
const pseudorandomBits = hkdf.generateBits({
ecdhSecret,
salt: initialRequestorPublicKey,
info: awakeTag, // No secret concatenated onto the tag
bitLength: 608
})
const [XChaChaKey, iv, nextSecret] = pseudorandomBits.splitKeysAndIv()
```

FIXME
The shared secret MUST be generated using [X25519]. Non-extractable keys SHOULD be used where available. The sender MUST rotate their public key on every send.

This step MUST [omit the the info parameter][HDKF Randomness], since no input secret is available.

``` mermaid
flowchart
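Review bot: the added prose and the added pseudocode contradict each other on HKDF `info`: the sentence after the code block says this step "MUST omit the the info parameter", while the block passes `info: awakeTag` (with the comment "No secret concatenated onto the tag"); decide which is normative and make the other match, and drop the duplicated "the the". The rationale "since no input secret is available" also reads oddly next to a block whose input keying material is `ecdhSecret`; if the intent is the usual HKDF guidance (secret as IKM, public context in `info`, salt random or fixed), say that instead. Two smaller points in the block: `0x4157414B452D5543414E` is an 80-bit integer literal, above JavaScript's 2^53 safe-integer range, so even as pseudocode it should be written as the byte string of "AWAKE-UCAN" rather than a Number; and the 608-bit output splits into a 256-bit XChaCha key plus a 192-bit IV (the 24-byte IV required a few lines up), leaving 160 bits for `nextSecret`, which the text should state explicitly since that split is what implementers will have to agree on.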
Expand Down Expand Up @@ -101,11 +115,6 @@ flowchart
Next -.-> HKDF
```




The shared secret MUST be generated using [X25519]. Non-extractable keys SHOULD be used where available. The sender MUST rotate their public key on every send.

## 2.2 Messagaging Layer Security

After the AWAKE handshake, the protocol switches over to the Messaging Layer Security ([MLS]) protocol with UCAN credentials. MLS establishes an efficient post-comporimise security channel with group management.
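Review bot: while the X25519 / key-rotation sentence is being moved out of this region, the two context lines left behind still carry typos that this touch is the natural place to fix: the heading "## 2.2 Messagaging Layer Security" should read "Messaging", and "post-comporimise security channel" should read "post-compromise security channel". Also note that removing three of the blank lines still leaves two consecutive blank lines between the closing mermaid fence and the 2.2 heading; one is enough.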
Expand Down Expand Up @@ -478,6 +487,7 @@ Many of the cryptographic algorithms uses in AWAKE are suseptible to a hypotheti
[mutual authentication]: https://en.wikipedia.org/wiki/Mutual_authentication
[SafeCurves]: https://safecurves.cr.yp.to/
[Secure Curves in WebCrypto]: https://blogs.igalia.com/jfernandez/2023/06/20/secure-curves-in-the-web-cryptography-api/
[HKDF Randomness]: https://soatok.blog/2021/11/17/understanding-hkdf#how-should-you-introduce-randomness-into-hkdf

<!-- Internal Links -->
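Review bot: the link label defined here, `[HKDF Randomness]`, does not match the reference used in the new 2.1.2 text, `[HDKF Randomness]` (letters transposed), so that reference will render as literal bracketed text rather than a link; rename one side so the two agree. It is also worth confirming that the `#how-should-you-introduce-randomness-into-hkdf` fragment matches the heading anchor on the target post, since a wrong fragment silently degrades to a top-of-page link.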