by lucb1e 3371 days ago
I like it. I tried to explain it in slightly simpler terms to some friends in a group chat like this:

> reading about the emoticon generation thingy, it's actually worth a read

> they use a DH KEX[1], but wrapped with something which is interesting. Client A generates a, client B generates b, and g seems to be an already-exchanged finite group generator. That's all standard.

[1] Diffie-Hellman key exchange

> now before A sends g^a to B, it will send hash(g^a) to B. B responds as normal (with g^b) to which A will respond with what it normally would send first: g^a.

> after receiving g^a, B can check whether the initially received hash(g^a) matches. This means that A can't brute force a specific value of a, so it doesn't matter that it's only 33 bits of entropy in that emoticon thingy. Any brute forcing will change the hash (unless you collide, iirc, sha256) and B will go "dude wtf" and kill the connection

> I tried to summarize in more understandable terms, but if it's too shortened or something, the original thing is here: https://core.telegram.org/api/end-to-end/voice-calls#key-ver...
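
The commit-then-reveal exchange described in the comment above, as an added example that is not part of the original comment and is not Telegram's code. The toy group (`P`, `G`), the 16-byte encoding and the fingerprint derivation are assumptions made for illustration; only the message order and the 33-bit fingerprint size come from the comment.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration (assumption, far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3
FP_BITS = 33     # size of the short fingerprint mentioned in the comment

def enc(n):
    """Fixed-width big-endian encoding so hashes are unambiguous."""
    return n.to_bytes(16, "big")

def commit(g_a):
    """The value A sends first: hash(g^a)."""
    return hashlib.sha256(enc(g_a)).digest()

def keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def b_accept_reveal(commitment, g_a, b):
    """B's check: the revealed g^a must match the hash received first."""
    if not 1 < g_a < P - 1:
        raise ValueError("g^a out of range")
    if not hmac.compare_digest(commit(g_a), commitment):
        raise ValueError("revealed g^a does not match commitment")
    return pow(g_a, b, P)

def fingerprint(key, g_a):
    # Hypothetical derivation: top 33 bits of SHA-256 over key and g^a.
    d = hashlib.sha256(enc(key) + enc(g_a)).digest()
    return int.from_bytes(d, "big") >> (256 - FP_BITS)

def run_call(swap_after_seeing_g_b=False):
    a, g_a = keypair()
    b, g_b = keypair()
    commitment = commit(g_a)      # message 1, A -> B: hash(g^a)
    # message 2, B -> A: g^b (B fixed b before learning g^a)
    revealed = g_a                # message 3, A -> B: g^a
    if swap_after_seeing_g_b:
        _, revealed = keypair()   # a value other than the committed one
    key_b = b_accept_reveal(commitment, revealed, b)
    key_a = pow(g_b, a, P)
    return fingerprint(key_a, g_a), fingerprint(key_b, revealed)
```

`run_call()` returns two equal 33-bit fingerprints; `run_call(swap_after_seeing_g_b=True)` raises `ValueError` at B's check, which is the point where B drops the connection.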