7.6.5 Participant Join (Non-Leader)

When participant i joins meeting meetingID, it performs the reverse of the above procedure:

  1. Fetches IVKfrom the Key server for the leader.

  2. Fetches Sig and pk from the meeting’s “bulletin board.”

  3. Fetches (i, Ci) from the “bulletin board.”

  4. Fetches the meetingUUID from the server.

  5. Computes Binding ← (meetingIDkmeetingUUIDkkhardwareIDkIVKkpk ).

  6. Defines Contextsign ← "Zoombase-1-ClientOnly-Sig-EncryptionKeyAnnouncement".

  7. Verifies the signature: Sign.Verify(IVK , Sig , Contextsign, Binding` ).

  8. If verification fails, it aborts.

  9. Computes Meta ← (meetingIDkmeetingUUIDk`ki).

  10. Defines ContextKDF ← "Zoombase-1-ClientOnly-KDF-KeyMeetingSeed".

  11. Defines Contextcipher ← "Zoombase-1-ClientOnly-Sig-EncryptionKeyMeetingSeed".

  12. Decrypts (MK, mkSeqNum) ← Box.Dec(ski , pk` , ContextKDF, Contextcipher, Meta, C). Now all participants have access to the shared meeting key MK, and can encrypt and decrypt meeting streams accordingly. Participants use an additional HKDF step to derive different subkeys for different message types (e.g. chat, video), mixing in a distinct flag for the message type and also the meetingID, the meetingUUID, and the ID of the message sender.

Previous7.6.4 Participant Join (Leader)Next7.6.6 Key Rotation

Last updated