Skip to content

chore: CRP-2960 Align spec and implementation of encrypted_chat ratcheting#281

Merged
randombit merged 2 commits intomainfrom
jack/crp-2960
Jan 21, 2026
Merged

chore: CRP-2960 Align spec and implementation of encrypted_chat ratcheting#281
randombit merged 2 commits intomainfrom
jack/crp-2960

Conversation

@randombit
Copy link
Copy Markdown
Contributor

@randombit randombit commented Jan 15, 2026

This fixes several areas where the spec and implementation of ratcheting in the encrypted_chat example did not align:

  1. The spec for evolving the state used the current epoch to define the domain
    separator, then returned a new state with the new key and the next epoch. The
    implementation instead had a bug where it incremented twice, once at the
    start and once at the end. So the key would be derived using the next epoch
    id n, but then have an epoch id of n+1. Confusing! Change both: specify that
    the next (new) epoch is the value that is added to the domain separator.

  2. The implementation adds -example to the domain separator strings while the
    spec does not. Minor issue but might as well be consistent.

  3. evolveTo did not evolve states ... it first checked if the requested epoch is
    less than or equal to the current epoch, in which case it returns
    early. Otherwise it looped in this fashion

    while(requestedEpoch < currentEpoch)

    which would never occur since the function would have already have returned
    in this case. I renamed the relevant argument to desiredEpoch since I think
    that makes it easier to read/reason about what is happening.

  4. Fixed CacheableSymmetricRatchetState::peekAtEpoch. It pre-incremented the
    epoch before cloning the structure, but this puts it out of sync with the
    correct epoch and so different keys would be derived. This function doesn't
    seem to be used, which is probably why this wasn't noticed. It may be better
    to remove this function entirely.

randombit and others added 2 commits January 15, 2026 15:45
@randombit
chore: CRP-2960 Align spec and implementation of encrypted_chat ratch…
62838cf 
…eting

This fixes several areas where the spec and implementation of ratcheting
in the encrypted_chat example did not align:

1) The spec for evolving the state used the current epoch to define the domain
   separator, then returned a new state with the new key and the next epoch. The
   implementation instead had a bug where it incremented twice, once at the
   start and once at the end.  So the key would be derived using the next epoch
   id n, but then have an epoch id of n+1. Confusing! Change both: specify that
   the next (new) epoch is the value that is added to the domain separator.

2) The implementation adds -example to the domain separator strings while the
   spec does not. Minor issue but might as well be consistent.

3) evolveTo did not evolve states ... it first checked if the requested epoch is
   less than or equal to the current epoch, in which case it returns
   early. Otherwise it looped in this fashion

      while(requestedEpoch < currentEpoch)

   which would never occur since the function would have already have returned
   in this case. I renamed the relevant argument to desiredEpoch since I think
   that makes it easier to read/reason about what is happening.

4) Fixed CacheableSymmetricRatchetState::peekAtEpoch. It pre-incremented the
   epoch before cloning the structure, but this puts it out of sync with the
   correct epoch and so different keys would be derived. This function doesn't
   seem to be used, which is probably why this wasn't noticed. It may be better
   to remove this function entirely.
@randombit
Merge branch 'main' into jack/crp-2960
376e5fe
@randombit randombit marked this pull request as ready for review January 16, 2026 16:11
@randombit randombit requested a review from a team January 16, 2026 16:11
fspreiss
fspreiss approved these changes Jan 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@fspreiss fspreiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fixes, @randombit!

@randombit randombit merged commit 79ed45a into main Jan 21, 2026
7 of 8 checks passed
@randombit randombit deleted the jack/crp-2960 branch January 21, 2026 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fspreiss fspreiss fspreiss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@randombit @fspreiss