CSCI 780: Spring 2025
Distributed System Security
Project 3: drat

Due: Tue, May 6, 11:59pm


In this project, you will implement the basic version of the Double Ratchet algorithm. Basic means that your project will implement Section 2.4 of the protocol specification.

For this project, you will implement two executables:

Our protocol will match Section 2.4, where alice is the client (that is, Alice sends the first message), and bob is the server (Bob receives the first message). Thus, bob must be started first. Upon connection, alice and bob interact in a simple chat session: each sends any input the user enters on stdin, and the receiver prints this message to stdout. If the user enters ^D or the process encounters an error, that endpoint closes its connection and exits; upon detecting the close, the peer endpoint also closes its connection and exits. In other words, each process executes for only a single chat session.

alice


Name

The "Alice" (initial sender) party of a double-ratchet communication.

Synopsis

alice [options] BOB_HOST

Positional Arguments

BOB_HOST

The "host:port" string for Bob. Host can be either an IP address or a hostname.

Options

-secret SECRET_KEY

The file that contains the 32-byte shared secret that serves as the initial root key.

Default: secret.key

-bob-pub BOB_PUBLIC_KEY

A file with Bob's raw public X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).

Default: bob-pub.key

-help

Display this usage statement and exit.

Example


        ./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
        

bob


Name

The "Bob" (initial receiver) party of a double-ratchet communication.

Synopsis

bob [options] BOB_HOST

Positional Arguments

BOB_HOST

The "[host]:port" string for Bob's address. Host can be either an IP address, a host name (e.g., "localhost") or omitted altogether.

Options

-secret SECRET_KEY

The file that contains the 32-byte shared secret that serves as the initial root key.

Default: secret.key

-pub PUBLIC_KEY

A file with Bob's raw public X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).

Default: bob-pub.key

-priv PRIVATE_KEY

A file with Bob's raw private X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).

Default: bob-priv.key

-help

Display this usage statement and exit.

Example


        ./bob -secret assets/secret.key -pub bob-pub.key -priv bob-priv.key 127.0.0.1:12345
        

Skeleton Code

To help get started, please use the following drat.zip skeleton module.

The protocol data unit (PDU) for our implementation is very simple: each PDU contains a header and a body. The header is the sender's current public key, and the body is the AES-GCM encrypted message. Our implementation uses Go's gob encoding as the data representation format. The file internal/drat/pdu.go hides the gob-encoding behind the two higher-level interfaces that you should use: Send and ReceivePDU.

The file internal/drat/crypto.go contains all of the cryptographic functions that you need. In particular, Encrypt, Decrypt, KDF_CK, and KDF_RK are straightforward Go implementations of the Python code in Section 3 of the Double Ratchet specification. Note that for Encrypt and Decrypt, the associated data (assocData) are the raw bytes of the PDU header (header.Marshal()).

Regarding design, for both alice and bob you will want to launch two goroutines: one that reads from stdin and one that receives messages from its peer. These goroutines can communicate with the main goroutine over separate Go channels in which they enqueue the outgoing or incoming messages, respectively. The main goroutine uses a select statement to concurrently read from each channel. In the case of an outgoing message, the main goroutine encrypts and sends the message; for an incoming message, the main routine decrypts and displays the message.

You may find it helpful to test your code against my versions in instructor-drat.zip. The zip file contains binaries for linux-amd64 and macos-arm64. These alice and bob executables also take -verbose option that displays debugging logging.

Submitting

Submit your project as a zip file via gradescope. Your project must include a Makefile that builds two executables: alice and bob. Please refer to the instructions for submitting an assignment for details on how to login to gradescope and properly zip your project.

Make sure you include the go.mod and go.sum in your submission.

Rubric

Alice


1.1 student's alice and instructor's bob take turns sending messages (25 pts)


        ./instructor/bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
        (out)alice: a
        (out)b
        (out)alice: c
        (out)d
        

        ./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
        (out)a
        (out)bob: b
        (out)c
        (out)bob: d
        

1.2 student's alice and instructor's bob send bursts of messages (25 pts)


        ./instructor/bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
        (out)alice: red
        (out)alice: orange
        (out)yellow
        (out)green
        (out)blue
        (out)alice: indigo
        (out)alice: violet
        

        ./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
        (out)red
        (out)orange
        (out)bob: yellow
        (out)bob: green
        (out)bob: blue
        (out)indigo
        (out)violet
        

Bob


2.1 instructor's alice and student's bob take turns sending messages (25 pts)


        ./bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
        (out)alice: a
        (out)b
        (out)alice: c
        (out)d
        

        ./instructor/alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
        (out)a
        (out)bob: b
        (out)c
        (out)bob: d
        

2.2 instructor's alice and student's bob send bursts of messages (25 pts)


        ./bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
        (out)alice: red
        (out)alice: orange
        (out)yellow
        (out)green
        (out)blue
        (out)alice: indigo
        (out)alice: violet
        

        ./instructor/alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
        (out)red
        (out)orange
        (out)bob: yellow
        (out)bob: green
        (out)bob: blue
        (out)indigo
        (out)violet