How can two devices communicating over a secure channel come to a shared secret?

I have two Android devices running an app. The app uses the Bump API to exchange information with the goal to come up with a shared secret for later use.

Specifically, the shared secret will later be sent to a central server where the devices are then registered as a "couple".

I came up with two types of solutions, but there must be other ones as well.

  1. Decide which of the two devices may generate the secret (e.g., by flipping a coin)
  2. Let both devices input a part of the secret and combine them (e.g., multiplying or XORing the two contributions)

What is the best solution for this situation?

--EDIT-- I'm not trying to communicate securely (I consider the Bump channel secure enough). Rather, I'm trying to find the most elegant solution to this specific issue.

Answers


Diffie-Hellman key exchange immediately comes to mind.


Each device generates random data equal in length to the shared secret and sends it to the other device. The shared secret is the XOR of these two parts.

Even if one device is broken and generates only zero strings, the shared secret will still be good.
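
The XOR scheme from the second answer, sketched as an added example that is not part of the original thread: each device draws a random share, the shares are swapped, and both sides XOR them before registering with the server. `SECRET_LEN`, `PairingServer` and the device names are assumptions for illustration, and the Bump exchange is replaced by passing the shares directly.

```python
import secrets

SECRET_LEN = 16  # bytes; assumed length, the thread does not specify one


def new_contribution():
    """One device's random share, drawn from the OS CSPRNG."""
    return secrets.token_bytes(SECRET_LEN)


def combine(own, peer):
    """XOR the local share with the peer's share; reject wrong-length input."""
    if len(own) != SECRET_LEN or len(peer) != SECRET_LEN:
        raise ValueError("each share must be exactly SECRET_LEN bytes")
    return bytes(a ^ b for a, b in zip(own, peer))


class PairingServer:
    """Hypothetical central server: two devices that present the same
    secret are registered as a couple."""

    def __init__(self):
        self._waiting = {}  # secret -> id of the first device that sent it
        self.couples = []

    def register(self, device_id, secret):
        first = self._waiting.pop(secret, None)
        if first is None:
            self._waiting[secret] = device_id
            return None  # still waiting for the partner
        couple = (first, device_id)
        self.couples.append(couple)
        return couple


if __name__ == "__main__":
    share_a, share_b = new_contribution(), new_contribution()
    # Each device combines its own share with the one it received.
    secret_on_a = combine(share_a, share_b)
    secret_on_b = combine(share_b, share_a)
    server = PairingServer()
    server.register("device-A", secret_on_a)
    print("couple:", server.register("device-B", secret_on_b))
    # Broken device sending all zeros: the result equals the working
    # device's random share, so it is still as random as that share.
    print("zero peer keeps randomness:", combine(share_a, bytes(SECRET_LEN)) == share_a)
```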

