Overview of SAKKE Key

More...

Detailed Description

SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508).

SAKKE is used to transfer a secret to a peer using Identity Based cryptography.

The Key Management Service (KMS) is responsible for issuing Receiver Secret Keys (RSKs). Data up to (2^hashlen)^hashlen bytes of data can be transferred.

The sender must know the identity of the receiver and the KMS Public Key.

The receiver must have obtained a Receiver Secret Key (RSK) for the identity from a KMS in order to derive the secret.

KMS:

1. Initialize SAKKE Key: wc_InitSakkeKey()
2. Make and save or load SAKKE Key:
   • wc_MakeSakkeKey(), wc_ExportSakkeKey(), wc_ExportSakkePublicKey() or
   • wc_ImportSakkeKey()
3. Wait for request:
   • Make an RSK base on ID for the client: wc_MakeSakkeRsk()
   • Encode RSK for transfer to client: wc_EncodeSakkeRsk()
4. Free SAKKE Key: wc_FreeSakkeKey()

Key Exchange, Peer A:

1. Initialize SAKKE Key: wc_InitSakkeKey()
2. Load KMS Public Key: wc_ImportSakkePublicKey()
3. Generate a random SSV: wc_GenerateSakkeSSV()
4. Set the identity of Peer B: wc_SetSakkeIdentity()
5. Make an encapsulated SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
6. Send encapsulated data to Peer B
7. Free SAKKE Key: wc_FreeSakkeKey()

Key Exchange, Peer B:

1. Receive encapsulated data.
2. Initialize SAKKE Key: wc_InitSakkeKey()
3. Load KMS Public Key: wc_ImportSakkePublicKey()
4. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
5. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
6. Set the identity: wc_SetSakkeIdentity()
7. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
8. Derive SSV with auth data: wc_DeriveSakkeSSV()
9. Free SAKKE Key: wc_FreeSakkeKey()

Transfer secret, Peer A:

1. Initialize SAKKE Key: wc_InitSakkeKey()
2. Load KMS Public Key: wc_ImportSakkePublicKey()
3. Set the identity of Peer B: wc_SetSakkeIdentity()
4. Make an encapsulation of the SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
5. Send encapsulated data to Peer B
6. Free SAKKE Key: wc_FreeSakkeKey()

Transfer secret, Peer B:

1. Initialize SAKKE Key: wc_InitSakkeKey()
2. Load KMS Public Key: wc_ImportSakkePublicKey()
3. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
4. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
5. Receive encapsulated data.
6. Set the identity: wc_SetSakkeIdentity()
7. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
8. Derive SSV and auth data: wc_DeriveSakkeSSV()
9. Free SAKKE Key: wc_FreeSakkeKey()

---

Updated on 2024-11-07 at 01:17:40 +0000