[Standards] OMEMO Key Agreement

Chris Ballinger chrisballinger at gmail.com
Tue May 30 23:51:24 UTC 2017


So this is as simple as converting the Ed25519 key before ingesting into
libsignal (and vice versa)? From what I understand this wouldn't require
any modifications to libsignal itself, and really only some minor app
changes for implementors. If that's correct, this seems like a great
compromise.

On Sun, May 28, 2017 at 10:53 PM, Remko Tronçon <remko at el-tramo.be> wrote:

> Hi,
>
> I may have a solution to our OMEMO key agreement discussion that satisfies
> all of us.
>
> - We change the Identity keys to be Ed25519 keys instead of Curve25519.
> Current client deployments are by default libsignal-based, and therefore
> have access to Curve25519-to-Ed25519 conversion methods to convert already
> authenticated keys, so they don't have to lose their keys.
> - We change X3DH such that
>    - Sig(PK, M) is EdDSA(PK, M) instead of XEdDSA(PK, M) (PK is now an
> Ed25519 key). Libsignal already comes with an Ed25519 implementation.
>    - DH(IK, ...) becomes DH(Ed2Curve(IK), ...). Ed25519-to-Curve25519 is a
> conversion that is simpler than the other way round, and there are
> liberally licensed implementations. Libsodium has a ref10-based one, so it
> can be dropped in directly into libsignal: https://download.
> libsodium.org/doc/advanced/ed25519-curve25519.html
>
> This drops the dependency on XEdDSA, and has a minimal impact on existing
> libsignal-based implementations. It *does* make the key agreement more
> complicated than the one in Olm (which does simple 3DH), but maybe that's a
> price we're willing to pay?
>
> Remko
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170530/49670c8d/attachment-0001.html>


More information about the Standards mailing list