Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
matrix-org
Olm
Commits
a9c7bde4
Commit
a9c7bde4
authored
Nov 08, 2019
by
Richard van der Hoff
Browse files
Update signing.md
parent
52098b3a
Changes
1
Hide whitespace changes
Inline
Side-by-side
docs/signing.md
View file @
a9c7bde4
...
...
@@ -49,13 +49,14 @@ compromised keys, and sends a pre-key message using a shared secret $`S`$,
where:
```
math
S = ECDH\left(I_A,\,E_E\right)\;\parallel\;ECDH\left(E_A,\,I_B\right)\;
\parallel\;ECDH\left(E_A,\,E_E\right)
S = ECDH\left(I_A,E_E\right)\;\parallel\;
ECDH\left(E_A,I_B\right)\;\parallel\;
ECDH\left(E_A,E_E\right)
```
Eve cannot decrypt the message because she does not have the private parts of
either $
`E_A`
$ nor $
`I_B`
$, so cannot calculate
$
`ECDH\left(E_A,
\,
I_B\right)`
$. However, suppose she later compromises
$
`ECDH\left(E_A,I_B\right)`
$. However, suppose she later compromises
Bob's identity key $
`I_B`
$. This would give her the ability to decrypt any
pre-key messages sent to Bob using the compromised one-time keys, and is thus a
problematic loss of forward secrecy. If Bob signs his keys with his Ed25519
...
...
@@ -66,8 +67,9 @@ On the other hand, signing the one-time keys leads to a reduction in
deniability. Recall that the shared secret is calculated as follows:
```
math
S = ECDH\left(I_A,\,E_B\right)\;\parallel\;ECDH\left(E_A,\,I_B\right)\;
\parallel\;ECDH\left(E_A,\,E_B\right)
S = ECDH\left(I_A,E_B\right)\;\parallel\;
ECDH\left(E_A,I_B\right)\;\parallel\;
ECDH\left(E_A,E_B\right)
```
If keys are unsigned, a forger can make up values of $
`E_A`
$ and
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment