Post-Quantum Optical Handshake
Given
Alice has PQ sign keypair (sign_pubA, sign_secA), PQ encrypt keypair (enc_pubA, enc_secA), ECC contact keypair (ecc_pubA, ecc_secA) and userhash hashA. Bob has PQ sign keypair (sign_pubB, sign_secB), PQ encrypt keypair (enc_pubB, enc_secB), ECC contact keypair (ecc_pubB, ecc_secB) and userhash hashB.
Optical Handshake
Alice and Bob exchange public ECC keys (ecc_pubA, ecc_pubB) and random nonces (nonceA, nonceB).
Alice signs nonceB with secret key (ecc_secA) and sends it to Bob. Alice also sends hashA and signs of hashA + nonceB with Alice’s secret key. Bob verifies nonceB with Alice’s public key. -> Confirms Alice has ECC key she claims. Bob recieves unencrypted hashA and verifies the signature of hashA + nonceB with Alice’s public key. -> Confirms Alice claims her user hash is hashA and it was singed right now with Bob nonce and Alice secret key.
Bob does the same symmetrically.
sequenceDiagram
participant Alice
participant Bob
Note over Alice, Bob: 1) Each side creates a fresh nonce
Alice->>Alice: Generate nonceA
Bob->>Bob: Generate nonceB
Note over Alice, Bob: 2) Exchange ECC public keys + nonces
Alice->>Bob: ecc_pubA, nonceA
Bob->>Alice: ecc_pubB, nonceB
Note over Alice, Bob: 3) Alice proves key ownership and hash claim
Note right of Alice: Sign nonceB with ecc_secA
Note right of Alice: Sign (hashA + nonceB) with ecc_secA
Alice->>Bob: Sig(nonceB), hashA, Sig(hashA + nonceB)
Note right of Bob: Verify Sig(nonceB) with ecc_pubA
Note right of Bob: Confirms Alice owns ecc_pubA
Note right of Bob: Verify Sig(hashA + nonceB) with ecc_pubA
Note right of Bob: Confirms hashA claim is fresh (bound to nonceB)
Note over Alice, Bob: 4) Bob does the same symmetrically
Note left of Bob: Sign nonceA with ecc_secB
Note left of Bob: Sign (hashB + nonceA) with ecc_secB
Bob->>Alice: Sig(nonceA), hashB, Sig(hashB + nonceA)
Note left of Alice: Verify Sig(nonceA) with ecc_pubB
Note left of Alice: Verify Sig(hashB + nonceA) with ecc_pubB
Note left of Alice: Confirms Bob owns ecc_pubB and claims hashBContactCandidate
Alice saves hashB and ecc_pubB. When Alice discovers Usercard that has hashB, she checks that Usercard has ecc_pubB. And (optionally) checks ucercard contact_cert (which is a signature of ecc_pubB with Alice sign_secA). ContactCandidate becomes (trusted?) Contact
Bob does the same symmetrically.
sequenceDiagram
participant Alice
participant Bob
Note over Alice, Bob: Pre-requisite: Optical Handshake Complete
Note over Alice, Bob: Each side already stored peer hash + peer ecc_pub
Note over Alice: Stored candidate: (hashB, ecc_pubB)
Note over Alice: Discovers Usercard(hashB, ecc_pubB, contact_cert?)
Note over Alice: Check Usercard hashB has matching ecc_pubB
Note over Alice: Optional check: verify contact_cert
Note over Alice: Promote ContactCandidate -> Trusted Contact
Note over Bob: Symmetric process with (hashA, ecc_pubA)
Note over Bob: Discover Usercard(hashA, ecc_pubA, contact_cert?)
Note over Bob: Check hashA and ecc_pubA match stored candidate
Note over Bob: Optional check: verify contact_cert
Note over Bob: Promote ContactCandidate -> Trusted Contact
