Exercise 11, Question 10

0 votes
Why is m3 not the one that starts the round trip? Is it because we assumed that m1 starts a new round trip and now m3 will be using the server-stored initial values? wouldn't it be treated similar to m1?
by
edited
edit history

1 Answer

0 votes
Hi,

The task explicitly assumes that m1 does not start a new round trip.

> If m1 does not start a new round-trip from B's perspective

Therefore, some previous message started the round trip from B's perspective.
This message is not shown in the image, as it is a hypothetical question.

This means that the keys for m1 and m3 are derived from the symmetric ratchet.
The next round trip starts when the next share from A is received (contained in m2) to compute the new DH key.
M2 is received directly before m4 is sent.
Therefore, B starts a new round trip with m4.

Cheers,
Sebastian
by (2.4k points)
edit history