[Standards] OMEMO Key Agreement

Remko Tronçon remko at el-tramo.be
Wed May 31 06:48:47 UTC 2017


Hi Chris,

On 31 May 2017 at 01:51, Chris Ballinger <chrisballinger at gmail.com> wrote:

> So this is as simple as converting the Ed25519 key before ingesting into
> libsignal (and vice versa)?


Almost. The 'vice versa' (i.e. on the way out of libsignal) is true. The
other way round (ingesting it into libsignal) would lose the sign bit,
which means the signatures won't match for half (?) of the keys if you use
XEdDSA. This is why the actual Ed25519 keys need to be used to do the
signature verification (and since you need those, the smallest possible
change is passing them through as the identity key, and doing the
conversion to Curve25519 in the X3DH step; this means you don't need to
pass extra stuff all the way through).

AFAICT, changing the signature verification to use EdDSA should be a
one-line code change to libsignal. Doing the conversion would be an extra 2
lines of code in libsignal (plus the conversion function , ±15 lines of
code). The actual lines of code and information on where they need to be
changed are in the prototype, but I can't try this out on a real client
myself, someone like you could probably verify this in little time.

Remko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170531/a98b0177/attachment.html>


More information about the Standards mailing list