Commit ec91dd45 authored by Richard van der Hoff

Megolm.rst: add Background and footer

parent c07444d3
......@@ -3,6 +3,35 @@ Megolm group ratchet
An AES-based cryptographic ratchet intended for group communications.
The Megolm ratchet is intended for encrypted messaging applications where there
may be a large number of recipients of each message, thus precluding the use of
peer-to-peer encryption systems such as `Olm`_.
It also allows a receipient to decrypt received messages multiple times. For
instance, in client/server applications, a copy of the ciphertext can be stored
on the (untrusted) server, while the client need only store the session keys.
Each participant in a conversation uses their own session, which consists of a
ratchet, and an Ed25519 keypair.
Secrecy is provided by the ratchet, which can be wound forwards, via hash
functions, but not backwards, and is used to derive a distinct message key
for each message.
Authenticity is provided via the Ed25519 key.
The value of the ratchet, and the public part of the Ed25519 key, are shared
with other participants in the conversation via secure peer-to-peer
channels. Provided that peer-to-peer channel provides authenticity of the
messages to the participants and deniability of the messages to third parties,
the Megolm session will inherit those properties.
The Megolm algorithm
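Review bot: "receipient" in "It also allows a receipient to decrypt received messages multiple times" should be "recipient". The opening sentence also overstates its case: "thus precluding the use of peer-to-peer encryption systems such as `Olm`_" conflicts with the later statement in this same hunk that the ratchet value and Ed25519 public key "are shared with other participants in the conversation via secure peer-to-peer channels", so the peer-to-peer system is not precluded but used for key distribution instead of per-message encryption; suggest "making it impractical to encrypt each message separately to every recipient with a peer-to-peer system such as `Olm`_". Finally, "Secrecy is provided by the ratchet, which can be wound forwards, via hash functions, but not backwards" would be clearer if it spelled out the consequence for the reader: because the ratchet only winds forwards and every message key is derived from it, a party that obtains a ratchet value can derive the keys for all later messages but not for earlier ones, which is the property the design relies on when a session key is shared or stored.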
......@@ -206,6 +235,16 @@ The length of the signature is determined by the signing algorithm being used
(64 bytes in this version of the protocol). The signature covers all of the
bytes preceding the signaure.
The Megolm specification (this document) is hereby placed in the public domain.
Can be sent to richard at
.. _`Ed25519`:
.. _`HMAC-based key derivation function`:
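Review bot: "signaure" in "The signature covers all of the bytes preceding the signaure" should be "signature". The new footer line "Can be sent to richard at" is incomplete as it appears here (no subject at the start of the sentence and no domain after "at"), so it should be finished before this is merged. The two hyperlink targets `.. _`Ed25519`:` and `.. _`HMAC-based key derivation function`:` carry no URL after the colon; in reStructuredText a target without a link block points at whatever element follows it rather than at an external reference, so any `Ed25519`_ or `HMAC-based key derivation function`_ references in the document will not resolve to the intended specification unless the URL is added after the colon.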