Derives the shared key after completing Round 2. From RFC: When the second round finishes, Alice verifies the received ZKPs. Alice and Bob shall check that these new generators are not points at infinity. If the verification fails, the session is aborted. Otherwise, the two parties compute the common key material as follows: o Alice computes Ka = (B - (G4 x [x2*s])) x [x2]
The derived shared key.
The current state of the J-PAKE transfer.
Executes Round 1 of the J-PAKE protocol. From RFC: Round 1: Alice selects an ephemeral private key x1 uniformly at random from [0, q-1] and another ephemeral private key x2 uniformly at random from [1, q-1]. G1 = G x [x1], G2 = G x [x2] and ZKPs for x1 and x2
The public values and proofs for Round 1.
Executes Round 2 of the J-PAKE protocol. From RFC: When round 1 finishes, Alice verifies the received ZKPs as specified in [RFC8235]. The verifier shall check the prover's UserID is a valid identity and is different from its own identity. If the verification of the ZKP fails, the session is aborted. Then: Alice -> Bob: A = (G1 + G3 + G4) x [x2s] and a ZKP for x2s
The Round 1 results received from Bob.
The shared secret (password) converted to a bigint.
Bob's unique identifier.
The public values and proofs for Round 2.
Sets the Round 2 results received from Bob.
The Round 2 results received from Bob.
Implements the J-PAKE (Password Authenticated Key Exchange by Juggling) protocol. Based on RFC 8236: https://www.rfc-editor.org/rfc/rfc8236.txt Comments with 'from RFC' refer directly to this RFC Two round implementation is fully from the perspective of Alice