mirror of
https://github.com/oxen-io/lokinet.git
synced 2024-11-03 23:15:52 +00:00
49 lines
1.1 KiB
Plaintext
49 lines
1.1 KiB
Plaintext
onion routing scheme:
|
|
|
|
constants:
|
|
|
|
K = 8
|
|
|
|
A builds a path of length N over R[0], R[1], ... R[N] where A is connected directly to R[0] and N < K
|
|
|
|
R[i] is a router on the network
|
|
R[i].e is the e value in that router's RC
|
|
R[i].e_sk is the corrisponding secret key for R[i].e
|
|
|
|
A builds an LRCM, M that has K ciphertext records in M.b
|
|
|
|
A sends M to R[0]
|
|
|
|
starting at i = 0
|
|
|
|
M is receieved by R[i]
|
|
|
|
R[i] takes M.b[0] as a_c verifies hmac and decrypts as a LRCR a_p using:
|
|
|
|
h = a_c[0:32]
|
|
n = a_c[32:64]
|
|
e_pK = a_c[64:96]
|
|
x = a_c[96:]
|
|
|
|
s_K = PKE(e_pK, R[i].e, R[i].e_sk, n)
|
|
verify MDS(x, s_K) == h
|
|
|
|
|
|
R[i] generates a response record b_p for a successful path build
|
|
|
|
b_p = BE({ c: "a", p: a_p.p, v: 0, x: RAND(512) })
|
|
|
|
and encrypts b_p using:
|
|
|
|
n = RAND(32)
|
|
s_K = PKE(a_p.k, R.e, R.e_sk, a_p.n)
|
|
x = SE(s_k, n, b_p)
|
|
h = MDS(x, s_k)
|
|
|
|
R[i] pops off the first value from M.b (such that M.b[1] is now M.b[0])
|
|
R[i] pushes to to the end of M.b the bytestring h + n + x
|
|
|
|
this is effectively setting M.b[K-1] = h + n + x
|
|
|
|
R[i] relays M to router R[i+1] who is the router with RC.k equal to a_p.i
|