commit b8a45c4be42e314c9141ef8c77958091235fd3a1
parent b4499efce78c0f85acb29cd712b7255f6a38766b
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
Date: Mon, 27 May 2024 13:59:44 +0200
Adjustments for KEM
Diffstat:
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/draft-gnunet-communicators.xml b/draft-gnunet-communicators.xml
@@ -246,7 +246,8 @@
this could lead to packet interception, preventing communication between peers. The UDP communicator addresses this by encoding
the ephemeral public key into a random-looking byte stream (referred to as the "representative") before sending it. Since the
GCM tag and the encrypted data in the key exchange (KX) packet also appear random, the entire packet is indistinguishable from a
- random byte stream.
+ random byte stream. This leaves a censor with the option to either do nothing or intercept all random-looking UDP packets, thereby
+ disrupting a disproportionate part of today's internet communication.
</t>
<t>
Upon receiving a KX packet, the receiving peer decodes the representative into the original ephemeral public key and subsequently
@@ -254,15 +255,15 @@
public key. More details about the construction of the representative and Elligator can be found in <xref target="Elligator"/>.
</t>
<t>
- Let G be the basepoint of Curve25519, Ed25519_To_Curve25519() a function which converts Ed25519 points to their corresponding Curve25519
- points, Enc() Elligator's encoding function, Dec() Elligator's decoding function, RECEIVER_PEER_ID a 256-bit EdDSA public key,
- RECEIVER_SK the corresponding secret key, EPH_SK a 256-bit ephemeral secret key and SetupCipher() the HKDF defined in <xref target="setup_cipher"/>.
+ Let G be the basepoint of Curve25519, Ed_To_Curve() a function which converts Ed25519 points to their corresponding Curve25519
+ points, Enc() Elligator's encoding function, Dec() Elligator's decoding function, REC_ID the receiver's peer identity (a 256-bit EdDSA public key),
+ REC_SK the corresponding secret key, EPH_SK a 256-bit ephemeral secret key and SetupCipher() the HKDF defined in <xref target="setup_cipher"/>.
We can then define the UDP communicator’s key exchange as a KEM:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-Key_Gen() := (RECEIVER_SK, RECEIVER_PEER_ID)
-Encap() := (R, (K,IV)) = (Enc(G.EPH_SK, rand), SetupCipher(X25519(EPH_SK, Ed25519_To_Curve25519(RECEIVER_PEER_ID)), 0))
-Decap(R) := (K,IV) = SetupCipher(X25519(RECEIVER_SK, Dec(R)), 0)
+Key_Gen() := (REC_SK, REC_ID)
+Encap(REC_ID) := (REPR, (K,IV)) = (Enc(G.EPH_SK, rand), SetupCipher(X25519(EPH_SK, Ed_To_Curve(REC_ID)), 0))
+Decap(REPR) := (K,IV) = SetupCipher(X25519(REC_SK, Dec(REPR)), 0)
]]></artwork>
<t>
Note that the exchange of the receiver peer identity is not within the scope of the UDP communicator's key exchange and is already assumed to
