----- Forwarded message from Joseph Lorenzo Hall <joe@cdt.org> -----

Date: Thu, 22 Aug 2013 14:03:55 -0400
From: Joseph Lorenzo Hall <joe@cdt.org>
To: liberationtech <liberationtech@lists.stanford.edu>
Subject: [liberationtech] Open Whisper Systems' neat asynch FPS "pre-keying"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: liberationtech <liberationtech@lists.stanford.edu>

https://whispersystems.org/blog/asynchronous-security/

...

The TextSecure Protocol

TextSecure's upcoming iOS client (and Android data channel client) uses a simple trick to provide asynchronous messaging while simultaneously providing forward secrecy.

At registration time, the TextSecure client preemptively generates 100 signed key exchange messages and sends them to the server. We call these "prekeys." A client that wishes to send a secure message to a user for the first time can now:

1. Connect to the server and request the destination's next "prekey."
2. Generate its own key exchange message half.
3. Calculate a shared secret with the prekey it received and its own key exchange half.
4. Use the shared secret to encrypt the message.
5. Package up the prekey id, the locally generated key exchange message, and the ciphertext.
6. Send it all in one bundle to the destination client.

The user experience for the sender is ideal: they type a message, hit send, and an encrypted message is immediately sent.

The destination client receives all of this as a single push notification. When the user taps it, the client has everything it needs to calculate the key exchange on its end, immediately decrypt the ciphertext, and display the message.

With the initial key exchange out of the way, both parties can then continue communicating with an OTR-style protocol as usual.
Since the server never hands out the same prekey twice (and the client would never accept the same prekey twice), we are able to provide forward secrecy in a fully asynchronous environment.

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

----- End forwarded message -----

--
Eugen* Leitl <leitl> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
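The prekey flow described in the forwarded post, as an added toy simulation that is not code from the original post or from Open Whisper Systems. Assumptions: a finite-field DH group stands in for the real key exchange, an HMAC keystream stands in for the real cipher, and the signatures on the prekeys are omitted; what it does show is the server handing out each prekey once and the recipient refusing a replayed prekey id.

```python
import hashlib, hmac, secrets

# Toy DH group: the 1024-bit MODP prime from RFC 2409 (group 2), generator 2.
# Chosen only so the example runs offline; the deployed protocol uses elliptic-curve DH.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(shared, sender_pub, prekey_pub):
    # Bind the session key to both key-exchange halves, not just the raw DH result.
    return hashlib.sha256(b"%d|%d|%d" % (shared, sender_pub, prekey_pub)).digest()

def xor_stream(key, data):
    # HMAC-SHA256 counter-mode keystream: a toy cipher in place of the real one.
    out, ctr = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

class Server:
    """Stores each user's unused public prekeys and hands each one out exactly once."""
    def __init__(self): self.store = {}
    def upload(self, user, bundle): self.store[user] = dict(bundle)
    def fetch_prekey(self, user):
        pid = next(iter(self.store[user]))       # StopIteration once the batch is exhausted
        return pid, self.store[user].pop(pid)    # deleted on hand-out, never served twice

class Recipient:
    def __init__(self, server, name, count=100):
        self.private = {i: keypair() for i in range(count)}     # prekey id -> (priv, pub)
        server.upload(name, {i: pub for i, (_, pub) in self.private.items()})
    def receive(self, bundle):
        pid, sender_pub, ct = bundle
        priv, pub = self.private.pop(pid)      # KeyError if this prekey id was already used
        key = derive_key(pow(sender_pub, priv, P), sender_pub, pub)
        return xor_stream(key, ct)

def send_first_message(server, to, plaintext):
    # Steps 1-6 of the post: fetch prekey, make our half, derive, encrypt, bundle.
    pid, prekey_pub = server.fetch_prekey(to)
    eph_priv, eph_pub = keypair()
    key = derive_key(pow(prekey_pub, eph_priv, P), eph_pub, prekey_pub)
    return pid, eph_pub, xor_stream(key, plaintext)
```

Because the recipient discards the private prekey as soon as it is consumed, a later compromise of the device cannot recover the session key for that first message.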