Skip to content

Overview of SAKKE Key

SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508). More...

Detailed Description

SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508).

SAKKE is used to transfer a secret to a peer using Identity Based cryptography.

The Key Management Service (KMS) is responsible for issuing Receiver Secret Keys (RSKs). Data up to (2^hashlen)^hashlen bytes of data can be transferred.

The sender must know the identity of the receiver and the KMS Public Key.

The receiver must have obtained a Receiver Secret Key (RSK) for the identity from a KMS in order to derive the secret.

KMS:

  1. Initialize SAKKE Key: wc_InitSakkeKey()
  2. Make and save or load SAKKE Key:
  3. Wait for request:
  4. Free SAKKE Key: wc_FreeSakkeKey() Key Exchange, Peer A:

  5. Initialize SAKKE Key: wc_InitSakkeKey()

  6. Load KMS Public Key: wc_ImportSakkePublicKey()
  7. Generate a random SSV: wc_GenerateSakkeSSV()
  8. Set the identity of Peer B: wc_SetSakkeIdentity()
  9. Make an encapsulated SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  10. Send encapsulated data to Peer B
  11. Free SAKKE Key: wc_FreeSakkeKey() Key Exchange, Peer B:

  12. Receive encapsulated data.

  13. Initialize SAKKE Key: wc_InitSakkeKey()
  14. Load KMS Public Key: wc_ImportSakkePublicKey()
  15. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  16. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  17. Set the identity: wc_SetSakkeIdentity()
  18. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  19. Derive SSV with auth data: wc_DeriveSakkeSSV()
  20. Free SAKKE Key: wc_FreeSakkeKey() Transfer secret, Peer A:

  21. Initialize SAKKE Key: wc_InitSakkeKey()

  22. Load KMS Public Key: wc_ImportSakkePublicKey()
  23. Set the identity of Peer B: wc_SetSakkeIdentity()
  24. Make an encapsulation of the SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  25. Send encapsulated data to Peer B
  26. Free SAKKE Key: wc_FreeSakkeKey() Transfer secret, Peer B:

  27. Initialize SAKKE Key: wc_InitSakkeKey()

  28. Load KMS Public Key: wc_ImportSakkePublicKey()
  29. Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  30. [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  31. Receive encapsulated data.
  32. Set the identity: wc_SetSakkeIdentity()
  33. Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  34. Derive SSV and auth data: wc_DeriveSakkeSSV()
  35. Free SAKKE Key: wc_FreeSakkeKey()

Updated on 2022-06-25 at 08:30:56 +0000