olm.rst 1.41 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Olm: A Crytographic Ratchet
===========================

An implementation of the cryptographic ratchet described by
https://github.com/trevp/axolotl/wiki.


The Olm Algorithm
-----------------

.. figure:: Axolotl.svg


Initial setup
~~~~~~~~~~~~~

The setup takes four Curve25519 inputs: Identity keys for Alice and Bob,
:math:`I_A` and :math:`I_B`, and emphemeral keys for Alice and Bob,
:math:`E_A` and :math:`E_B`. A shared secret, :math:`S`, is generated using
Triple Diffie-Hellman. The initial 256 bit root key, :math:`R_0`, and 256 bit
chain key, :math:`C_{0,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function (HKDF).

.. math::
    \begin{align}
        S&=ECDH\left(I_A,\,E_B\right)\;\parallel\;ECDH\left(E_A,\,I_B\right)\;
            \parallel\;ECDH\left(E_A,\,E_B\right)\\
        R_0\;\parallel\;C_{0,0}&=HKDF(S,\,\text{"OLM\_ROOT"})
    \end{align}

Advancing the root key
~~~~~~~~~~~~~~~~~~~~~~

Advancing a root key takes the previous root key, :math:`R_{i-1}`, and two
Curve25519 inputs: The previous ratchet key, :math:`T_{i-1}`, and the current
ratchet key :math:`T_{i}`. The even ratchet keys are generated by Alice.
The odd ratchet keys are generated by Bob. A shared secret, `S` is generated
using Diffie-Hellman on the ratchet keys. The next root key, :math:`R_o`, and
chain key, :math:`C_{i,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function (HKDF).