opendexnetwork / opendex.network

Website 👋
https://opendex.network
GNU Affero General Public License v3.0

Add Key Exchange Flow in BOLD #2 #10

Open kilrau opened 4 years ago

kilrau commented 4 years ago

  1. Sita sends the first SessionInit message to Rama
  2. Rama responds with SessionAck message
  3. Rama sends SessionInit message to Sita
  4. Sita sends SessionAck message to Rama
  5. Sita calculates shared key_S based on Rama's SessionInit, Rama does the same. Rama calculates shared key_R based on Sita's session init message, Sita does the same. Sita uses shared key_S and Rama shared key_R for encrypting messages from there on. The derived key for each "init/ack" interaction is used to encrypt traffic going to the initiator of the interaction. So the side which sent "init" is using it to decrypt incoming data, and the side which sent "ack" to encrypt outgoing data.

Details: https://github.com/bitcoin/bips/blob/master/bip-0151.mediawiki

LePremierHomme commented 4 years ago

Why not use Alice & Bob?

  1. Alice connects to Bob
  2. Alice creates an ephemeral ECDH key pair and sends Bob SessionInit with the public key
  3. Bob receives SessionInit, creates an ephemeral ECDH key pair and sends back to Alice SessionAck with the public key. Meanwhile he calculates the derived shared key which will be used to encrypt all future outgoing messages to Alice
  4. Alice receives SessionAck and calculates the derived shared key which will be used to decrypt all future incoming messages from Bob.
  5. Steps 2-4 are repeated starting with Bob instead of Alice

kilrau commented 4 years ago

Because Alice and Bob cause me to eye-roll by now ;) and https://www.theregister.co.uk/2012/10/01/crypto_analogies/.

Apart from that, the steps you outlined look good.
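
The init/ack flow agreed on in this thread, as an added example that is not part of the issue or the project's code. The curve (secp256k1), SHA-256 as the key derivation step and AES-256-GCM as the cipher are assumptions, and the `Peer` class with its method names is hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: the session key is SHA-256 of the raw ECDH shared secret.
const kdf = (secret) => crypto.createHash('sha256').update(secret).digest();

class Peer {
  constructor() {
    this.rxKey = null;   // decrypts incoming traffic (derived where we sent SessionInit)
    this.txKey = null;   // encrypts outgoing traffic (derived where we sent SessionAck)
    this.pending = null; // ephemeral key pair awaiting a SessionAck
  }
  // Initiator: fresh ephemeral key pair, public half goes into SessionInit.
  createSessionInit() {
    this.pending = crypto.createECDH('secp256k1');
    return { type: 'SessionInit', ephemeralPubKey: this.pending.generateKeys() };
  }
  // Responder: own ephemeral pair, derive the key for traffic TO the initiator.
  handleSessionInit(init) {
    const ecdh = crypto.createECDH('secp256k1');
    const ephemeralPubKey = ecdh.generateKeys();
    this.txKey = kdf(ecdh.computeSecret(init.ephemeralPubKey));
    return { type: 'SessionAck', ephemeralPubKey };
  }
  // Initiator: derive the same key, used to decrypt traffic FROM the responder.
  handleSessionAck(ack) {
    this.rxKey = kdf(this.pending.computeSecret(ack.ephemeralPubKey));
    this.pending = null; // the ephemeral private key is no longer needed
  }
  encrypt(plaintext) {
    const iv = crypto.randomBytes(12); // assumption: random 96-bit nonce per message
    const c = crypto.createCipheriv('aes-256-gcm', this.txKey, iv);
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    return { iv, ct, tag: c.getAuthTag() };
  }
  decrypt({ iv, ct, tag }) {
    const d = crypto.createDecipheriv('aes-256-gcm', this.rxKey, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  }
}

// Two init/ack rounds, one started by each side, give one key per direction.
function handshake(a, b) {
  a.handleSessionAck(b.handleSessionInit(a.createSessionInit()));
  b.handleSessionAck(a.handleSessionInit(b.createSessionInit()));
}
```

The exchange as described is unauthenticated, so peer identity has to be verified separately from this handshake.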