Struct vodozemac::SharedSecret
source · pub struct SharedSecret(/* private fields */);
Expand description
The result of a Diffie-Hellman key exchange.
Each party computes this using their EphemeralSecret
or StaticSecret
and their
counterparty’s PublicKey
.
Implementations§
sourcepub fn was_contributory(&self) -> bool
pub fn was_contributory(&self) -> bool
Ensure in constant-time that this shared secret did not result from a key exchange with non-contributory behaviour.
In some more exotic protocols which need to guarantee “contributory” behaviour for both parties, that is, that each party contributed a public value which increased the security of the resulting shared secret. To take an example protocol attack where this could lead to undesirable results from Thái “thaidn” Dương:
If Mallory replaces Alice’s and Bob’s public keys with zero, which is a valid Curve25519 public key, he would be able to force the ECDH shared value to be zero, which is the encoding of the point at infinity, and thus get to dictate some publicly known values as the shared keys. It still requires an active man-in-the-middle attack to pull the trick, after which, however, not only Mallory can decode Alice’s data, but everyone too! It is also impossible for Alice and Bob to detect the intrusion, as they still share the same keys, and can communicate with each other as normal.
The original Curve25519 specification argues that checks for non-contributory behaviour are “unnecessary for Diffie-Hellman”. Whether this check is necessary for any particular given protocol is often a matter of debate, which we will not re-hash here, but simply cite some of the relevant public discussions.
§Returns
Returns true
if the key exchange was contributory (good), and false
otherwise (can be bad for some protocols).