for P2P key exchange, who should be the server and who should be the client?

[shi-yan]

Hello,

I want to use libsodium to perform key exchange in a p2p system. I'm puzzled by the definition of the client and server.

For a p2p system, who should be the server? and who should be the client? What are the differences between them?

Some background:

I want to implement an end-to-end encrypted group messaging system. A message sender will generate a key for each reader. I want to use the key exchange mechanism to implement it. In this system, there is no concept of "server" or "client". All are equal peers.

If I have to assign a server or client role to them, does that mean I can only exchange keys between server and client, but not between server and server, or client and client?

Thanks,

[jedisct1]

Hi,

Assign the "client" role to any of the parties, and the "server" role to the other one.

A common way do to it is to use known identifiers, or public keys. For example the smallest public key is the client, and the other one is the server.

[shi-yan]

I don't think that works.

because, for one, the message group is dynamic. Today, there are A,B and C in the group. Tomorrow, it could be B, D, E. You suggestion basically requires that each peer can switch its role depending on the groups they are in, which means I need to have server and client key pairs generated for each, which is a redundancy.

secondly, consider this situation: If B is the message sender, and since B is not the smallest public key, B is now a server. And B sends the message to A, D, F. F is also not a smallest public key, hence also a server. can F decodes the message? does the key exchange work between 2 servers?

[shi-yan]

oh, I see, you mean between 2 peers, the smaller public key is the client. That makes sense, but still, I need to generate both client keypair and server keypair for each participant, Which seems to be a redundancy.

I'm curious, what's the reason for this client/server separation?

[jedisct1]

Peers only need one key pair. server and client is just the role for a key exchange. Replace server and client with Alice and Bob if you prefer. One just has to be Alice and the other one Bob.

[shi-yan]

I get it now. Thank you very much!

[shi-yan]

I have one follow-up question. For the message sender herself, can she use her own keypair to generate client_rx for herself? i.e. is it valid to pass her public key as both the server_public_key and the client_public_key? I tested it, generating client_rx using the same public key twice can work. but is this safe?

Because in the above end-to-end encryption scenario, Alice can have multiple devices (laptop, mobile phone etc.), each should use the same identity (keypair). If Alice sends out a message on her phone, her laptop should be able to decrypt the message too. In this scenario, Alice's laptop needs to use Alice's public key for both server and client. Can this work? Thanks!