Scribd
Upload
7 views1 page

Notes 1

The document outlines a cryptographic protocol involving the exchange of certificates and keys between a server and a client. It details the encoding of messages related to the certificate verification process, including the use of derived secrets and hashing functions. Additionally, it describes events indicating the completion of the server's processes and the establishment of a secure connection.

Uploaded by

erdygaming97
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views1 page

Notes 1

The document outlines a cryptographic protocol involving the exchange of certificates and keys between a server and a client. It details the encoding of messages related to the certificate verification process, including the use of derived secrets and hashing functions. Additionally, it describes events indicating the completion of the server's processes and the establishment of a secure connection.

Uploaded by

erdygaming97
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Abbreviations

~M_4 = enc((CERTIFICATE,signcert(server_name_4,
make_pk(server_sk_2),ca_sk_1)),derive_secret(hkdf_extract(
DH(y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,
((a_1,G),(shr_3,DH(y_2,G)))))
~M_5 = enc((CERTIFICATE_VERIFY,sign(hash(((a_1,
G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,signcert(
server_name_4,make_pk(server_sk_2),ca_sk_1)),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),SHTS,((a_1,G),(shr_3,DH(y_2,G))))))),server_sk_2)),
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G)))))
~M_6 = enc((FINISHED,mac(hash(((a_1,G),(shr_3,
DH(y_2,G)),enc((CERTIFICATE,signcert(server_name_4,
make_pk(server_sk_2),ca_sk_1)),derive_secret(hkdf_extract(
DH(y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,
((a_1,G),(shr_3,DH(y_2,G))))),enc((CERTIFICATE_VERIFY,
sign(hash(((a_1,G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,
signcert(server_name_4,make_pk(server_sk_2),ca_sk_1)),
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G))))))),server_sk_2)),derive_secret(hkdf_extract(
DH(y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,
((a_1,G),(shr_3,DH(y_2,G))))))),hkdf_expand_label(
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G)))),FINISHED))),derive_secret(hkdf_extract(DH(
y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,((
a_1,G),(shr_3,DH(y_2,G)))))
~X_1 = enc((FINISHED,mac(hash(((a_1,G),(~M_2,~M_3),~M_4,
~M_5,~M_6)),hkdf_expand_label(derive_secret(hkdf_extract(
~M_3,derive_secret(ZERO,DERIVED,())),CHTS,((a_1,
A trace has been found. G),(~M_2,~M_3))),FINISHED))),derive_secret(hkdf_extract(
~M_3,derive_secret(ZERO,DERIVED,())),CHTS,((a_1,
G),(~M_2,~M_3))))
= enc((FINISHED,mac(hash(((a_1,
G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,signcert(
server_name_4,make_pk(server_sk_2),ca_sk_1)),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),SHTS,((a_1,G),(shr_3,DH(y_2,G))))),enc((CERTIFICATE_VERIFY,
sign(hash(((a_1,G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,
signcert(server_name_4,make_pk(server_sk_2),ca_sk_1)),
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G))))))),server_sk_2)),derive_secret(hkdf_extract(
DH(y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,
((a_1,G),(shr_3,DH(y_2,G))))),enc((FINISHED,mac(
hash(((a_1,G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,
signcert(server_name_4,make_pk(server_sk_2),ca_sk_1)),
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G))))),enc((CERTIFICATE_VERIFY,sign(hash(((a_1,
G),(shr_3,DH(y_2,G)),enc((CERTIFICATE,signcert(
server_name_4,make_pk(server_sk_2),ca_sk_1)),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),SHTS,((a_1,G),(shr_3,DH(y_2,G))))))),server_sk_2)),
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),SHTS,((a_1,G),(shr_3,DH(y_2,
G))))))),hkdf_expand_label(derive_secret(hkdf_extract(
DH(y_2,G),derive_secret(ZERO,DERIVED,())),SHTS,
((a_1,G),(shr_3,DH(y_2,G)))),FINISHED))),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),SHTS,((a_1,G),(shr_3,DH(y_2,G))))))),hkdf_expand_label(
derive_secret(hkdf_extract(DH(y_2,G),derive_secret(
ZERO,DERIVED,())),CHTS,((a_1,G),(shr_3,DH(y_2,
G)))),FINISHED))),derive_secret(hkdf_extract(DH(
y_2,G),derive_secret(ZERO,DERIVED,())),CHTS,((
a_1,G),(shr_3,DH(y_2,G)))))

Honest Process Attacker

{1}new ca_sk_1

~M = make_pk(ca_sk_1)

! ! !

{44}new server_name_4
{45}new server_sk_2

~M_1 = signcert(server_name_4,make_pk(server_sk_2),
ca_sk_1)

{49}new data_3
{50}event Secret(server_name_4,data_3)

Beginning of process server

(a_1,G)

{57}new shr_3
{58}new y_2

(~M_2,~M_3) = (shr_3,DH(y_2,G))

~M_4

~M_5

{72}event ServerFinished(server_name_4,signcert(
server_name_4,make_pk(server_sk_2),ca_sk_1),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),DERIVED,()))

~M_6

~X_1

{78}event ServerComplete(server_name_4,signcert(
server_name_4,make_pk(server_sk_2),ca_sk_1),derive_secret(
hkdf_extract(DH(y_2,G),derive_secret(ZERO,DERIVED,
())),DERIVED,()))

You might also like