Commit 49c117c6 authored by Mark Haines's avatar Mark Haines
Browse files

Start writing protocol spec for olm

parent 41a8fb61
Olm: A Crytographic Ratchet
===========================
An implementation of the cryptographic ratchet described by
https://github.com/trevp/axolotl/wiki.
The Olm Algorithm
-----------------
.. figure:: Axolotl.svg
Initial setup
~~~~~~~~~~~~~
The setup takes four Curve25519 inputs: Identity keys for Alice and Bob,
:math:`I_A` and :math:`I_B`, and emphemeral keys for Alice and Bob,
:math:`E_A` and :math:`E_B`. A shared secret, :math:`S`, is generated using
Triple Diffie-Hellman. The initial 256 bit root key, :math:`R_0`, and 256 bit
chain key, :math:`C_{0,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function (HKDF).
.. math::
\begin{align}
S&=ECDH\left(I_A,\,E_B\right)\;\parallel\;ECDH\left(E_A,\,I_B\right)\;
\parallel\;ECDH\left(E_A,\,E_B\right)\\
R_0\;\parallel\;C_{0,0}&=HKDF(S,\,\text{"OLM\_ROOT"})
\end{align}
Advancing the root key
~~~~~~~~~~~~~~~~~~~~~~
Advancing a root key takes the previous root key, :math:`R_{i-1}`, and two
Curve25519 inputs: The previous ratchet key, :math:`T_{i-1}`, and the current
ratchet key :math:`T_{i}`. The even ratchet keys are generated by Alice.
The odd ratchet keys are generated by Bob. A shared secret, `S` is generated
using Diffie-Hellman on the ratchet keys. The next root key, :math:`R_o`, and
chain key, :math:`C_{i,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function (HKDF).
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment