MTE Process for a Zero-Knowledge System
Basic Process
Now that the architecture and environment have been established, the following process should be followed. For purposes of this section, we should consider the two endpoints as the Transmitter and the Receiver. Any endpoint may take on both roles, but it is easier to think about them as a one way conversation.
Pairing
The specific process of pairing is implementation dependent, but the following best practice must be considered.
Transmitter
The transmitter should determine the Personalization String and should have a way to generate the Entropy. A scenario might look like this:
- Transmitter determines a unique Personalization String such as the device serial number, EIN number, or even a random GUID.
- Transmitter uses an algorithm (such as Elliptical Curve Diffie Hellman) to generate a public / private key pair.
- Transmitter sends the Personalization String and the Public Key to the Receiver.
Receiver
The receiver should determine the Nonce and should have a way to generate the Entropy. That may look like this:
- Receiver gets the two values from the transmitter and creates a Nonce value (this can typically be a timestamp).
- Receiver uses the same algorithm as the Transmitter to generate a public / private key pair.
- Receiver uses the Transmitter public key and its key pairs to generate Entropy.
- Receiver creates (or retrieves from an object pool) an MTE.
- Receiver uses the Pairing Values to instantiate the MTE. We are now ready to start using MTE.
- If the Receiver must manage multiple incoming endpoints, the State must be obtained from MTE and cached (or stored) associated with the incoming Transmitter. The Personalization String is a good candidate for the lookup key for the specific State.
- Receiver should now discard the Pairing Values as they are no longer needed. (if possible, over-write these values in memory)
- Receiver returns the Nonce and Public Key to the Transmitter.
Transmitter
The transmitter is now ready to create its paired MTE.
- Transmitter receives the results from the Receiver (public key and Nonce).
- Transmitter uses its algorithm, the Receiver's public key, and its own key pair to generate the same Entropy as the Receiver.
- Transmitter creates an MTE
- Transmitter uses the Pairing Values to instantiate the MTE. We are now paired and ready to use the MTE.
- Transmitter should now discard the Pairing Values, as they are no longer needed. (if possible, over-write these values in memory)
Exchanging Information
You are now ready to begin exchanging information.
Transmitter
- Gather the information you wish to send.
- Encode the information.
- Send it to the Receiver (if this is a many to one, you must also identify the endpoint - the Personalization String is a good candidate for that)
Receiver
- Accept the information from the Transmitter.
- Determine which Endpoint this belongs to (note this is optional if you only have one endpoint)
- Retrieve an MTE from an object pool (or if you only have one, use it!)
- If you have multiple possible endpoints:
- Retrieve the MTE State associated with that endpoint.
- Re-instantiate the MTE.
- Decode the incoming data.
- Inspect or process the data - it is now in the clear.
- If you are managing multiple endpoints:
- Cache or store the MTE State securely for the next transmission from this endpoint.
- Wait for the next transmission and do it all again.