all repos — sas @ 9026bf286aeb343b07fba2cc4b45e0b6aaa88e9b

SAS peer-to-peer authenticated communication over an insecure channel

MA-3 and Vaudenay SAS protocol
==============================

The SAS protocol establishes peer-to-peer authenticated communication over an insecure channel by using an extra
channel, such as in Apple iMessage (see Application below).

This is a toy implementation of
the [Vaudenay SAS protocol [PDF]](https://www.iacr.org/archive/crypto2005/36210303/36210303.pdf).

Because 3 round-trips are sufficient where SAS uses 4, SAS was improved by
the [MA-3 protocol [PDF]](https://eprint.iacr.org/2005/424.pdf).

The commitment scheme used here is an idealized commitment model in which a trusted third party reveals the commitment.
In a real-world implementation, commitment schemes that don't require a trusted third party (random oracle, CRS model)
would be more practical.
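
The message flow of the Vaudenay SAS protocol (its message-authentication form from the linked paper), as an added example that is not this repository's code. A SHA-256 hash commitment stands in for the trusted-third-party commitment of the toy model; the class names, the `run` helper, the 3-byte SAS length and the sample messages are assumptions.

```python
import hashlib, hmac, secrets

SAS_BYTES = 3  # assumed SAS length (24 bits), short enough to compare by eye

def _h(nonce, m, r):
    return hashlib.sha256(nonce + len(m).to_bytes(4, "big") + m + r).digest()

def commit(m, r):
    """Hash commitment to (m, r): returns (c, d), d being the opening value."""
    nonce = secrets.token_bytes(32)
    return _h(nonce, m, r), nonce + r

def open_commit(m, c, d):
    """Return the committed r if d opens c for message m, else None."""
    nonce, r = d[:32], d[32:]
    return r if hmac.compare_digest(c, _h(nonce, m, r)) else None

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Alice:
    def __init__(self, m):
        self.m, self.r_a = m, secrets.token_bytes(SAS_BYTES)
        self.c, self.d = commit(m, self.r_a)
    def move1(self):            # insecure channel: m, c
        return self.m, self.c
    def move3(self, r_b):       # insecure channel: d, released only after R_B arrived
        self.r_b = r_b
        return self.d
    def sas(self):              # extra (authenticated) channel: R_A xor R_B
        return xor(self.r_a, self.r_b)

class Bob:
    def move2(self, m, c):      # insecure channel: R_B
        self.m, self.c, self.r_b = m, c, secrets.token_bytes(SAS_BYTES)
        return self.r_b
    def accept(self, d, sas):   # open the commitment, then compare the SAS
        r_a = open_commit(self.m, self.c, d)
        return r_a is not None and hmac.compare_digest(sas, xor(r_a, self.r_b))

def run(m, substituted=None):
    """Honest run, or a run where the insecure channel swaps in its own message."""
    alice, bob = Alice(m), Bob()
    wire = alice if substituted is None else Alice(substituted)  # who Bob really hears
    r_b = bob.move2(*wire.move1())
    alice.move3(r_b if wire is alice else secrets.token_bytes(SAS_BYTES))
    d = wire.move3(r_b)
    return bob.accept(d, alice.sas())  # the SAS always comes from the real Alice
```

`run(b"alice-public-key")` is accepted, while a run with `substituted=` set is rejected: the substituting party has to commit to its random value before it sees `R_B`, so its chance of matching the SAS is 2^-24 with this length.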

Application
-----------

Apple uses the SAS protocol
for [iMessage Contact Key Verification](https://security.apple.com/blog/imessage-contact-key-verification/), introduced
in iOS 17.2.