-
This should also consider how to distinguish between legitimately adding new devices and an adversary intercepting the conversation.
-
In OTRv3, public keys are send to the other conversation participant in the Reveal Signature and Signature messages, which occurs in the last two steps of the AKE.
However, for the DAKE in OTRv4, bo…
-
-
-
-
OTRv3 assumes a network model which provides in-order delivery of messages, but that some messages may not get delivered at all (for example, if the user disconnects). There may be an active attacker,…
-
We will first list ALL the pros and cons between RSDAKE&QuickSpawn and Spawn
-
Double ratcheting has weaker message forgeability properties than OTR.
See "Deniability" section of this paper: https://eprint.iacr.org/2014/904.pdf
We should investigate how to reveal MAC keys as …
-
Depends on #4
We need to add a section to describe about the primitives, which should specify the schemes:
- Auth use NIZKPK of the Knowledge of one secret Key among three public Keys.
- Choose a gro…
-
Expected output: A textual description of the DAKE on the non-interactive setting.
The network model is assumed to be the same as OTRv3: "a network model which provides in-order delivery of messages,…