Client (a)

ra ←random− {0, 1}^256

Ephemeral key: Qa ← da G

Server (b)

ClientHello: ra, KeyShare: Qa

ServerHello: rb, KeyShare: Qb

Searly ← Extract(0, 0)

rb ←random− {0, 1}^256

Ephemeral key: Qb ← db G

Key exchanged via ECDHE: x ← (x, y) = da Qb

Shandshake ← Extract(Derive(Searly , 'derived', ∅), x)

Smaster ← Extract(Derive(Shandshake , 'derived', ∅), 0)

Handshake traffic key: Khandshakea ← Derive(Shandshake , 'c hs traffic', transcript)

{Certificate: Public key with CA signature}Khandshakeb

Handshake traffic key: Khandshakeb ← Derive(Shandshake , 's hs traffic', transcript)

{CertificateVerify: Transcript with ECDSA signature}Khandshakeb

{Finished: HMAC(Kfinished , transcript)}Khandshakeb

Finished key: Kfinished ← Derive(Khandshakea , 'finished', transcript)

{Finished: HMAC(Kfinished , transcript)}Khandshakea

{Application Data}Kb0

Application traffic key: Ka0 ← Derive(Smaster , 'c ap traffic', transcript)

Finished key: Kfinished ← Derive(Khandshakeb , 'finished', transcript)

Sresumption ← Derive(Smaster , 'res master', transcript)

Application traffic key: Kb0 ← Derive(Smaster , 's ap traffic', transcript)

{Application Data}Ka0

NewSessionTicket: {session key ID, IV, encrypted state, HMAC(...)}Kb0

Creates a pre-shared key (PSK) binding to enable session resumption

(Connections terminated. That triggers session resumption with 0-RTT)

Searly ← Extract(0, Sresumption )

Binder key: Kbinder ← Derive(Searly , 'res binder', ∅)

Early Traffic Key: Kearly ← Derive(Searly , 'c e traffic', transcript)

Finished key: Kfinished ← Derive(Kbinder , 'finished', transcript)

ClientHello: ..., KeyShare: ..., PskKeyExchangeModes: 'psk_dhe_ke', EarlyDataIndication, PreSharedKey: {session key ID, HMAC(Kfinished , transcript)}

{Application Data}Kearly

ServerHello: ..., KeyShare: ..., PreSharedKey: {session key ID}

EncryptedExtensions: {EarlyDataIndication}Khandshakeb

Shandshake ← Extract(Derive(Searly , 'derived', ∅), x)

Handshake traffic key: Khandshakeb ← Derive(Shandshake , 's hs traffic', transcript)

Smaster ← Extract(Derive(Shandshake , 'derived', ∅), 0)

{Finished: HMAC(Kfinished , transcript)}Khandshakeb

{Application Data}Kb0

Finished key: Kfinished ← Derive(Khandshakeb , 'finished', transcript)

Application traffic key: Kb0 ← Derive(Smaster , 's ap traffic', transcript)

{EndOfEarlyData}Kearly

Finished key: Kfinished ← Derive(Khandshakea , 'finished', transcript)

{Finished: HMAC(Kfinished , transcript)}Khandshakea

{Application Data}Kb0

Application traffic key: Ka0 ← Derive(Smaster , 'c ap traffic', transcript)

{Application Data}Ka0

Disclaimer: this diagram is a rough sketch of the TLS 1.3 handshake and record protocol. It serves as a quickstarter to understand the protocol flows. It may contain inaccurate or oversimplified representations.

1) TLS Settings

Cipher Suite: TLS_AES_128_GCM_SHA256

Digital Signature: ecdsa_secp256r1_sha256

Key Exchange: secp256r1 (NIST P-256) with (G, n) as part of domain parameters, with public and private key in the form of (Q, d)

Pre-Shared Key Cipher: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384

2) Protocol Notations

Key Extraction Function: Extract(salt, keying material)

Key Derive Function: Derive(secret, label, transcript), where transcript is the concatenation of each included handshake message.

Encryption: {plaintext}key, which denotes an AEAD-Encrypt operation with write key and IV generated from key.
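The secret chain in the diagram (Searly, Shandshake, Smaster and the traffic secrets derived from them) can be traced in code. The following is an added example, not part of the original diagram: it assumes Extract is HKDF-Extract and Derive is the Derive-Secret construction of RFC 8446 over SHA-256, and it passes the resumption secret straight in as the PSK, as the diagram does. The function names and the sample inputs are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256          # hash of TLS_AES_128_GCM_SHA256
HLEN = HASH().digest_size      # 32 bytes
ZERO = bytes(HLEN)             # the "0" input in the diagram

def extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract(salt, keying material): HKDF-Extract (RFC 5869)."""
    return hmac.new(salt, ikm, HASH).digest()

def expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1): label is prefixed with 'tls13 '."""
    full = b"tls13 " + label.encode()
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    out, block, counter = b"", b"", 1
    while len(out) < length:   # HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def derive(secret: bytes, label: str, transcript: bytes) -> bytes:
    """Derive(secret, label, transcript): binds the output to Hash(transcript)."""
    return expand_label(secret, label, HASH(transcript).digest(), HLEN)

def key_schedule(ecdhe_x: bytes, hs_transcript: bytes, full_transcript: bytes, psk: bytes = ZERO) -> dict:
    """Walk the diagram's chain: Searly -> Shandshake -> Smaster (hypothetical helper)."""
    s_early = extract(ZERO, psk)
    s_hs = extract(derive(s_early, "derived", b""), ecdhe_x)
    s_master = extract(derive(s_hs, "derived", b""), ZERO)
    return {
        "early": s_early,
        "c hs traffic": derive(s_hs, "c hs traffic", hs_transcript),
        "s hs traffic": derive(s_hs, "s hs traffic", hs_transcript),
        "c ap traffic": derive(s_master, "c ap traffic", full_transcript),
        "s ap traffic": derive(s_master, "s ap traffic", full_transcript),
        "res master": derive(s_master, "res master", full_transcript),
    }

# Constructed sample inputs (placeholders, not a real capture).
SAMPLE_X = bytes(range(32))
SAMPLE_HS = b"ClientHello|ServerHello"
SAMPLE_FULL = SAMPLE_HS + b"|Certificate|CertificateVerify|Finished"

if __name__ == "__main__":
    for name, value in key_schedule(SAMPLE_X, SAMPLE_HS, SAMPLE_FULL).items():
        print(f"{name:14s} {value.hex()}")
```

Because every traffic secret is bound to the transcript hash, changing any handshake byte changes the keys on both sides, which is what lets the Finished messages detect tampering.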
