Megolm.rst: add Background and footer
parent c07444d3e6
commit ec91dd4570
1 changed files with 39 additions and 0 deletions
|
@ -3,6 +3,35 @@ Megolm group ratchet
|
||||||
|
|
||||||
An AES-based cryptographic ratchet intended for group communications.
|
An AES-based cryptographic ratchet intended for group communications.
|
||||||
|
|
||||||
|
Background
|
||||||
|
----------
|
||||||
|
|
||||||
|
The Megolm ratchet is intended for encrypted messaging applications where there
|
||||||
|
may be a large number of recipients of each message, thus precluding the use of
|
||||||
|
peer-to-peer encryption systems such as `Olm`_.
|
||||||
|
|
||||||
|
It also allows a receipient to decrypt received messages multiple times. For
|
||||||
|
instance, in client/server applications, a copy of the ciphertext can be stored
|
||||||
|
on the (untrusted) server, while the client need only store the session keys.
|
||||||
|
|
||||||
|
Overview
|
||||||
|
--------
|
||||||
|
|
||||||
|
Each participant in a conversation uses their own session, which consists of a
|
||||||
|
ratchet, and an Ed25519 keypair.
|
||||||
|
|
||||||
|
Secrecy is provided by the ratchet, which can be wound forwards, via hash
|
||||||
|
functions, but not backwards, and is used to derive a distinct message key
|
||||||
|
for each message.
|
||||||
|
|
||||||
|
Authenticity is provided via the Ed25519 key.
|
||||||
|
|
||||||
|
The value of the ratchet, and the public part of the Ed25519 key, are shared
|
||||||
|
with other participants in the conversation via secure peer-to-peer
|
||||||
|
channels. Provided that peer-to-peer channel provides authenticity of the
|
||||||
|
messages to the participants and deniability of the messages to third parties,
|
||||||
|
the Megolm session will inherit those properties.
|
||||||
|
|
||||||
The Megolm algorithm
|
The Megolm algorithm
|
||||||
--------------------
|
--------------------
|
||||||
|
|
||||||
|
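Review bot: The Background says "the client need only store the session keys" and the Overview says the ratchet "can be wound forwards, via hash functions, but not backwards", but neither paragraph states what follows from the two together: whoever holds a stored ratchet value can derive the message key for every later message in that session. Suggest adding one sentence to the Overview saying so, so that implementers treat stored session keys as long-lived secrets. Smaller points in the same hunk: "receipient" should be "recipient"; "Provided that peer-to-peer channel" is missing "the"; and the new `Olm`_ reference has no matching link target in the visible hunks (the footer context shows only `Ed25519` and `HMAC-based key derivation function`), so confirm a target for it exists elsewhere in the file or add one.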
@ -206,6 +235,16 @@ The length of the signature is determined by the signing algorithm being used
|
||||||
(64 bytes in this version of the protocol). The signature covers all of the
|
(64 bytes in this version of the protocol). The signature covers all of the
|
||||||
bytes preceding the signaure.
|
bytes preceding the signaure.
|
||||||
|
|
||||||
|
IPR
|
||||||
|
---
|
||||||
|
|
||||||
|
The Megolm specification (this document) is hereby placed in the public domain.
|
||||||
|
|
||||||
|
Feedback
|
||||||
|
--------
|
||||||
|
|
||||||
|
Can be sent to richard at matrix.org.
|
||||||
|
|
||||||
|
|
||||||
.. _`Ed25519`: http://ed25519.cr.yp.to/
|
.. _`Ed25519`: http://ed25519.cr.yp.to/
|
||||||
.. _`HMAC-based key derivation function`: https://tools.ietf.org/html/rfc5869
|
.. _`HMAC-based key derivation function`: https://tools.ietf.org/html/rfc5869
|
||||||
|
|
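Review bot: Under the new Feedback heading, "Can be sent to richard at matrix.org." is a fragment with no subject; suggest "Feedback can be sent to richard at matrix.org." It also points readers of a cryptographic specification at one individual's mailbox, so consider naming a project-level contact alongside it if one exists. The unchanged context line just above the IPR section reads "bytes preceding the signaure."; since this commit already touches that part of the file, the spelling ("signature") could be fixed here too.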