- \[ \begin{graph}
- !{0; <8cm, 0cm>: <0cm, 3cm>::}
- *+[F]\dbox{$r_i \getsr I$; $R_i \gets r_i P$} ="i-1"
- [d]
- *+[F]\dbox{$c_i \gets r_i \xor H_I(R_j, X_i, s, R_i, r_i X_j)$} ="i0"
- [d]
- *+[F]\dbox{Check $R_j = \bigl(c_j \xor H_I(x_i R_j)\bigr) P$ \\
- $Z \gets r_i R_j$; $K \gets H_K(0, Z)$ \\
- $\chi_i \gets E_K(x_i R_j)$} ="i1"
- [d]
- *+[F]\dbox{Check $D_K(\chi_j) = r_i X_j$ \\
- Shared key is $H_K(1, Z)$} ="i2"
- "i-1" [r]
- *+[F]\dbox{$r_j \getsr I$; $R_j \gets r_j P$} ="j-1"
- [d]
- *+[F]\dbox{$c_j \gets r_j \xor H_I(R_i, X_j, s, R_j, r_j X_i)$} ="j0"
- [d]
- *+[F]\dbox{Check $R_i = \bigl(c_i \xor H_I(x_j R_i)\bigr) P$ \\
- $Z \gets r_j R_i$; $K \gets H_K(0, Z)$ \\
- $\chi_j \gets E_K(x_j R_i)$} ="j1"
- [d]
- *+[F]\dbox{Check $D_K(\chi_i) = r_j X_i$ \\
- Shared key is $H_K(1, Z)$} ="j2"
- %
- "i-1" : |(0)/3.25cm/*+{R_i} "j0"
- "i0" : |(0)/3.25cm/*+{(R_i, c_i)} "j1"
- "i1" : |(0)/3.25cm/*+{(R_i, \chi_i)} "j2"
- "j-1" : |(0)/3.25cm/*+{R_j} "i0"
- "j0" : |(0)/3.25cm/*+{(R_j, c_j)} "i1"
- "j1" : |(0)/3.25cm/*+{(R_j, \chi_j)} "i2"
- \end{graph} \]
+
+ \begin{protocol}
+ $r_i \getsr I$; $R_i \gets r_i P$; &
+ $r_j \getsr I$; $R_j \gets r_j P$; \\
+ \send{->}{R_i}
+ \send{<-}{R_j}
+ $c_i \gets r_i \xor H_I(R_j, X_i, s, R_i, r_i X_j)$; &
+ $c_j \gets r_j \xor H_I(R_i, X_j, s, R_j, r_j X_i)$; \\
+ \send{->}{(R_i, c_i)}
+ \send{<-}{(R_j, c_j)}
+ Check $R_j = \bigl(c_j \xor H_I(x_i R_j)\bigr) P$; &
+ Check $R_i = \bigl(c_i \xor H_I(x_j R_i)\bigr) P$; \\
+ $Z \gets r_i R_j$; $(K_0, K_1) \gets H_K(Z)$; &
+ $Z \gets r_j R_i$; $(K_0, K_1) \gets H_K(Z)$; \\
+ $\chi_i \gets E_{K_0}(x_i R_j)$; &
+ $\chi_j \gets E_{K_0}(x_j R_i)$; \\
+ \send{->}{(R_i, \chi_i)}
+ \send{<-}{(R_j, \chi_j)}
+ Check $D_{K_0}(\chi_j) = r_i X_j$; &
+ Check $D_{K_0}(\chi_i) = r_j X_i$; \\
+ Shared key is $K_1$. & Shared key is $K_1$.
+ \end{protocol}