My Project
Overview of SAKKE Key

SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508).

SAKKE is used to transfer a secret to a peer using Identity Based cryptography.
The Key Management Service (KMS) is responsible for issuing Receiver Secret Keys (RSKs). Data up to (2^hashlen)^hashlen bytes of data can be transferred.
The sender must know the identity of the receiver and the KMS Public Key.
The receiver must have obtained a Receiver Secret Key (RSK) for the identity from a KMS in order to derive the secret.

KMS:

  1. Initialize SAKKE Key: wc_InitSakkeKey()
  2. Make and save or load SAKKE Key:
    1. wc_MakeSakkeKey(), wc_ExportSakkeKey(), wc_ExportSakkePublicKey() or
    2. wc_ImportSakkeKey()
  3. Wait for request:
    1. Make an RSK base on ID for the client: wc_MakeSakkeRsk()
    2. Encode RSK for transfer to client: wc_EncodeSakkeRsk()
  4. Free SAKKE Key: wc_FreeSakkeKey()

Key Exchange, Peer A:

  1. Initialize SAKKE Key: wc_InitSakkeKey()
  2. Load KMS Public Key: wc_ImportSakkePublicKey()
  3. Generate a random SSV: wc_GenerateSakkeSSV()
  4. Set the identity of Peer B: wc_SetSakkeIdentity()
  5. Make an encapsulated SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  6. Send encapsulated data to Peer B
  7. Free SAKKE Key: wc_FreeSakkeKey()

Key Exchange, Peer B:

  1. Receive encapsulated data.
  2. Initialize SAKKE Key: wc_InitSakkeKey()
  3. Load KMS Public Key: wc_ImportSakkePublicKey()
  4. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  5. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  6. Set the identity: wc_SetSakkeIdentity()
  7. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  8. Derive SSV with auth data: wc_DeriveSakkeSSV()
  9. Free SAKKE Key: wc_FreeSakkeKey()

Transfer secret, Peer A:

  1. Initialize SAKKE Key: wc_InitSakkeKey()
  2. Load KMS Public Key: wc_ImportSakkePublicKey()
  3. Set the identity of Peer B: wc_SetSakkeIdentity()
  4. Make an encapsulation of the SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  5. Send encapsulated data to Peer B
  6. Free SAKKE Key: wc_FreeSakkeKey()

Transfer secret, Peer B:

  1. Initialize SAKKE Key: wc_InitSakkeKey()
  2. Load KMS Public Key: wc_ImportSakkePublicKey()
  3. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  4. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  5. Receive encapsulated data.
  6. Set the identity: wc_SetSakkeIdentity()
  7. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  8. Derive SSV and auth data: wc_DeriveSakkeSSV()
  9. Free SAKKE Key: wc_FreeSakkeKey()