[liberationtech] Open Whisper Systems' neat asynch FPS "pre-keying"

Eugen Leitl eugen@leitl.org
Fri Aug 23 04:07:39 PDT 2013


----- Forwarded message from Joseph Lorenzo Hall <joe@cdt.org> -----

Date: Thu, 22 Aug 2013 14:03:55 -0400
From: Joseph Lorenzo Hall <joe@cdt.org>
To: liberationtech <liberationtech@lists.stanford.edu>
Subject: [liberationtech] Open Whisper Systems' neat asynch FPS "pre-keying"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: liberationtech <liberationtech@lists.stanford.edu>

https://whispersystems.org/blog/asynchronous-security/

...

The TextSecure Protocol

TextSecure’s upcoming iOS client (and Android data channel client) uses
a simple trick to provide asynchronous messaging while simultaneously
providing forward secrecy.

At registration time, the TextSecure client preemptively generates 100
signed key exchange messages and sends them to the server. We call these
“prekeys.” A client that wishes to send a secure message to a user for
the first time can now:

1.  Connect to the server and request the destination’s next “prekey.”
2.  Generate its own key exchange message half.
3.  Calculate a shared secret with the prekey it received and its own
key exchange half.
4.  Use the shared secret to encrypt the message.
5.  Package up the prekey id, the locally generated key exchange
message, and the ciphertext.
6.  Send it all in one bundle to the destination client.

The user experience for the sender is ideal: they type a message, hit
send, and an encrypted message is immediately sent.

The destination client receives all of this as a single push
notification. When the user taps it, the client has everything it needs
to calculate the key exchange on its end, immediately decrypt the
ciphertext, and display the message.

With the initial key exchange out of the way, both parties can then
continue communicating with an OTR-style protocol as usual. Since the
server never hands out the same prekey twice (and the client would never
accept the same prekey twice), we are able to provide forward secrecy in
a fully asynchronous environment.

-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8


-- 
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
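The six-step prekey exchange quoted in the forwarded post, worked through end to end as an added example (this is not Open Whisper Systems' or TextSecure's code). The post does not name the primitives, so these are assumptions: X25519 for the key-exchange halves, HMAC-SHA256 as the KDF, and a SHA-256 keystream with an HMAC tag (encrypt-then-MAC) standing in for a real AEAD. Prekey signatures and the OTR-style ratchet that follows the first message are left out. `Server`, `Recipient`, `send_first_message` and `demo` are hypothetical names chosen for the illustration. The code shows the two properties the post relies on: the server pops each prekey so it is never handed out twice, and the recipient deletes the private half on use so a replayed bundle is refused and an old message key cannot be recomputed later.

```python
"""Prekey-based first message, following the six steps quoted above.

Added example, not Open Whisper Systems' code. Assumed (the page does not say):
X25519 key-exchange halves, HMAC-SHA256 as KDF, SHA-256 keystream plus HMAC tag
in place of a real AEAD. The X25519 ladder is a plain, non-constant-time RFC 7748
transcription included only so this runs on the standard library; not for production.
"""
import hashlib, hmac, secrets

P = 2**255 - 19
BASEPOINT = bytes([9]) + bytes(31)

def x25519(k: bytes, u: bytes) -> bytes:
    """Curve25519 scalar multiplication k*u (RFC 7748 Montgomery ladder)."""
    kb = bytearray(k)
    kb[0] &= 248; kb[31] &= 127; kb[31] |= 64           # clamp the scalar
    s = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)

def _keys(shared):  # separate encryption and MAC keys derived from the DH output
    return [hmac.new(shared, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac")]

def _keystream(key, n):
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def encrypt(shared: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _keys(shared)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()   # encrypt-then-MAC

def decrypt(shared: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _keys(shared)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

class Server:
    """Hypothetical server: stores only public prekey halves, hands each out once."""
    def __init__(self):
        self.prekeys = {}                    # user -> {prekey_id: public_half}

    def next_prekey(self, user):
        store = self.prekeys[user]
        if not store:
            raise LookupError("no prekeys left for " + user)   # client must upload more
        pid = min(store)
        return pid, store.pop(pid)           # popped, so never handed out twice

class Recipient:
    def __init__(self, server, name, n=100):
        self.private, bundle = {}, {}
        for pid in range(n):                 # registration: n prekeys, public halves to server
            self.private[pid], bundle[pid] = keypair()
        server.prekeys[name] = bundle

    def receive(self, msg):
        pid, sender_pub, blob = msg
        if pid not in self.private:          # already consumed (or never ours): refuse
            raise ValueError("prekey %d already used or unknown" % pid)
        sk = self.private.pop(pid)           # private half deleted on use: forward secrecy
        return decrypt(x25519(sk, sender_pub), blob)

def send_first_message(server, to, plaintext):
    pid, prekey_pub = server.next_prekey(to)         # 1. fetch the destination's next prekey
    eph_sk, eph_pub = keypair()                      # 2. own key-exchange half
    shared = x25519(eph_sk, prekey_pub)              # 3. shared secret
    blob = encrypt(shared, plaintext)                # 4. encrypt the message
    return pid, eph_pub, blob                        # 5-6. prekey id + half + ciphertext, one bundle

def demo():
    server = Server()
    bob = Recipient(server, "bob", n=2)              # tiny batch; the post's clients upload 100
    msg = send_first_message(server, "bob", b"hello, bob")   # constructed sample message
    plaintext = bob.receive(msg)
    try:
        bob.receive(msg)                             # replayed bundle must be refused
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    pid2, _, _ = send_first_message(server, "bob", b"second contact")
    return plaintext, replay_rejected, msg[0] != pid2
```

`demo()` returns the decrypted first message, whether the replayed bundle was refused, and whether the second sender received a different prekey id. Once the store runs dry, `next_prekey` raises `LookupError`; a real client has to top the server up before that point, otherwise new senders cannot start a conversation asynchronously.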


