[Standards] OMEMO Key Agreement

Ignat Gavrilov ignat.gavrilov at mailfence.com
Mon May 29 07:26:55 UTC 2017


Hi,

> - We change the Identity keys to be Ed25519 keys instead of Curve25519.
> Current client deployments are by default libsignal-based, and therefore
> have access to Curve25519-to-Ed25519 conversion methods to convert already
> authenticated keys, so they don't have to lose their keys.
> - We change X3DH such that
>    - Sig(PK, M) is EdDSA(PK, M) instead of XEdDSA(PK, M) (PK is now an
> Ed25519 key). Libsignal already comes with an Ed25519 implementation.
>   - DH(IK, ...) becomes DH(Ed2Curve(IK), ...). Ed25519-to-Curve25519 is a
> conversion that is simpler than the other way round, and there are
> liberally licensed implementations. Libsodium has a ref10-based one, so it
> can be dropped in directly into libsignal:

Unfortunately, libsodium is ISC licensed which requires carrying a coypright/license header/file with all distributions of it. I don't consider this a sufficiently liberal license.
Do you know of any implementation that is completely liberal a.k.a. public domain?

Ignat


More information about the Standards mailing list