
The X3DH Key Agreement Protocol - doomrobo
https://whispersystems.org/docs/specifications/x3dh/
======
ge0rg
It would be interesting to know how this relates to Axolotl and "the Signal
protocol".

~~~
zaroth
This is about as clearly written as I could ever hope a crypto writeup to be!
So first off thanks for that!

But I also agree with your comment, it really helps to understand the "why" to
know where this tool sits on the overall shelf.

Or even just a bit more background on existing double DH constructs and
specifically what problems this addresses and a use case where you choose this
protocol specifically to gain some specific necessary property that you don't
get otherwise with other DH constructs.

The special padding during the hashing step seemed a bit odd, not sure why it
was quite so many bytes?

I would also love to see pseudo-code, some test vectors, and a sample hex
encoded output of an exchange.

------
dhdhchdjsnx
What's the point of a secure cryptographic protocol if your messaging app

a.) Sends back telemetry data

b.) Accepts arbitrary software updates without user approval

c.) Contains proprietary components with unknown workings

and d.) Forces you to send all of your messages over hostile servers?

~~~
eps
Elaborate on a) ?

That's indeed very troubling and completely unacceptable if it's true.

~~~
dom0
That piece is called Android, actually.

