[Standards] OMEMO Key Agreement
chrisballinger at gmail.com
Tue May 30 23:51:24 UTC 2017
So this is as simple as converting the Ed25519 key before ingesting into
libsignal (and vice versa)? From what I understand this wouldn't require
any modifications to libsignal itself, and really only some minor app
changes for implementors. If that's correct, this seems like a great
On Sun, May 28, 2017 at 10:53 PM, Remko Tronçon <remko at el-tramo.be> wrote:
> I may have a solution to our OMEMO key agreement discussion that satisfies
> all of us.
> - We change the Identity keys to be Ed25519 keys instead of Curve25519.
> Current client deployments are by default libsignal-based, and therefore
> have access to Curve25519-to-Ed25519 conversion methods to convert already
> authenticated keys, so they don't have to lose their keys.
> - We change X3DH such that
> - Sig(PK, M) is EdDSA(PK, M) instead of XEdDSA(PK, M) (PK is now an
> Ed25519 key). Libsignal already comes with an Ed25519 implementation.
> - DH(IK, ...) becomes DH(Ed2Curve(IK), ...). Ed25519-to-Curve25519 is a
> conversion that is simpler than the other way round, and there are
> liberally licensed implementations. Libsodium has a ref10-based one, so it
> can be dropped in directly into libsignal: https://download.
> This drops the dependency on XEdDSA, and has a minimal impact on existing
> libsignal-based implementations. It *does* make the key agreement more
> complicated than the one in Olm (which does simple 3DH), but maybe that's a
> price we're willing to pay?
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards