Reachable Server Node Protocol Flow

The following sequence diagram does not cover every detail of message composition, but it gives an accurate overview of what happens on the wire and of which participant has access to which information:

sequenceDiagram
    participant ppnt as Participant
    participant node as Server Node

    alt Reaching Participant
        ppnt-->>ppnt: generates or derives ReachingSecretKeys/ReachingPublicKeys
    end

    ppnt->>node: requests AttestantVerifyingKeys
    ppnt->>node: requests Initialisation
    node->>ppnt: responds with AttestantVerifyingKeys
    alt Reaching Participant
        ppnt-->>ppnt: verifies the Visual Key Identity of the AttestantVerifyingKeys
    end
    node->>ppnt: responds with<br>ReachableVerifyingKeys,<br>ephemeral ReachablePublicKeys,<br>and EnvelopeIdHints
    note over node: Every Initialisation response carries the same fixed number of EnvelopeIdHints,<br>irrespective of how many Envelopes are actually stored on the server node
    node-->>node: drops disclosed ephemeral ReachablePublicKeys from its database

    ppnt-->>ppnt: verifies ReachablePublicKeys<br>attempts to decrypt EnvelopeIdHints

    alt successfully decrypted an EnvelopeIdHint
        ppnt-->>ppnt: recovers EnvelopeId and EnvelopeIdHint shared secret
        ppnt->>node: requests Envelope using recovered EnvelopeId

        node->>ppnt: responds with Envelope
        ppnt-->>ppnt: decrypts Envelope<br>recovers MessageVault Credentials
        alt Reaching Participant
            ppnt-->>ppnt: recovers MessageVaultId
        else Reachable Participant
            ppnt-->>ppnt: recovers the MessageVaultId from SealedMessageVaultId<br>using the SharedSecretKeys
        end

        ppnt->>node: requests MessageVault with MessageVaultId
        node->>ppnt: responds with MessageVault
        ppnt-->>ppnt: decrypts MessageVault,<br>recovers Message

        alt Participant removes the EnvelopeIdHint to prevent continued access to this resource
            ppnt->>node: requests removal of the EnvelopeIdHint by EnvelopeId and an EnvelopeIdHint-specific token
            node-->>node: drops respective EnvelopeIdHint record
        end
    end

    ppnt-->>ppnt: composes new Message<br>generates per-Envelope+MessageVault shared secret<br>uses it to encrypt the MessageVaultLink and MessageVault
    ppnt->>node: uploads MessageVault

    node-->>node: generates a MessageVaultId<br>encrypts it with ephemeral secret keys and SharedPublicKeys<br>creating a SealedMessageVaultId
    node->>ppnt: responds with SealedMessageVaultId

    alt Reaching Participant
        ppnt-->>ppnt: embeds SealedMessageVaultId in the Envelope
    else Reachable Participant
        ppnt-->>ppnt: recovers the MessageVaultId from SealedMessageVaultId<br>using the SharedSecretKeys<br>and embeds the MessageVaultId in the Envelope
    end

    ppnt->>node: uploads Envelope
    node->>ppnt: responds with SealedEnvelopeId

    alt Message is large enough to require multiple chunks
        note over ppnt, node: Participant repeats the MessageVault/Envelope upload flow above for each further chunk,<br>embedding the SealedEnvelopeId or EnvelopeId of the previously uploaded Envelope in the new Message

        alt Reaching Participant
            ppnt-->>ppnt: embeds the last SealedEnvelopeId in new Message
        else Reachable Participant
            ppnt-->>ppnt: recovers the EnvelopeId from the last SealedEnvelopeId<br>using the SharedSecretKeys, and embeds it in the new Message
        end

        ppnt->>node: follows the same MessageVault/Envelope upload flow from above
    end
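The fixed-size EnvelopeIdHint response in the note above and the participant's trial decryption of those hints are the two places where an implementation most easily leaks how many Envelopes a server node holds, so here is an added, self-contained Go example of both sides. It is illustrative code written for this page, not the project's implementation: the hint layout (an ephemeral X25519 public key followed by an AES-GCM encryption of the EnvelopeId, with the public key as associated data), the SHA-256 key derivation, the zero nonce under a single-use key, the response size of 8, the policy of deferring surplus hints to a later request, and the names MakeHint, BuildHintResponse and TrialDecrypt are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Assumed hint layout (this example's, not the protocol's): X25519 ephemeral public key ||
// AES-GCM(EnvelopeId) under a key derived from the ECDH shared secret, ephemeral key as AAD.
const (
	pubLen    = 32
	hintLen   = pubLen + 16 + 16 // 16-byte EnvelopeId + 16-byte GCM tag
	hintCount = 8                // hints in every Initialisation response (assumed value)
)

type EnvelopeID [16]byte
type Hint [hintLen]byte

// A fixed nonce is safe here because every hint uses a fresh ephemeral key, so each AEAD key is single-use.
var zeroNonce = make([]byte, 12)

// hintAEAD keys a per-hint AES-GCM from the X25519 shared secret (SHA-256 stands in for a KDF).
func hintAEAD(shared []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte("EnvelopeIdHint-key"), shared...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail: AES has the block size GCM needs
	return gcm
}

// MakeHint encrypts id so that only the holder of the ReachingSecretKey behind reachingPub can
// recover it; to everyone else the hint is an opaque blob of hintLen bytes.
func MakeHint(reachingPub *ecdh.PublicKey, id EnvelopeID) (h Hint, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return h, err
	}
	shared, err := eph.ECDH(reachingPub)
	if err != nil {
		return h, err
	}
	ephPub := eph.PublicKey().Bytes()
	copy(h[:], ephPub)
	copy(h[pubLen:], hintAEAD(shared).Seal(nil, zeroNonce, id[:], ephPub))
	return h, nil
}

// BuildHintResponse is the server-node side of Initialisation: exactly hintCount hints, padded with
// decoys and shuffled with crypto/rand, so neither count nor position reveals how many Envelopes
// are stored (surplus real hints wait for a later request; that policy is assumed here).
func BuildHintResponse(real []Hint) ([]Hint, error) {
	out := make([]Hint, hintCount)
	for i := copy(out, real); i < hintCount; i++ { // copy truncates surplus; the rest become decoys
		throwaway, err := ecdh.X25519().GenerateKey(rand.Reader) // a decoy is a genuine hint to a throwaway key, so it is indistinguishable from a real one
		if err != nil {
			return nil, err
		}
		if out[i], err = MakeHint(throwaway.PublicKey(), EnvelopeID{}); err != nil { // random bytes would not do: a real X25519 public key never has its top bit set
			return nil, err
		}
	}
	for i := hintCount - 1; i > 0; i-- { // Fisher-Yates shuffle
		j, err := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		if err != nil {
			return nil, err
		}
		out[i], out[j.Int64()] = out[j.Int64()], out[i]
	}
	return out, nil
}

// TrialDecrypt is the participant side: every hint is tried with the ReachingSecretKey, and a GCM
// authentication failure simply means "not addressed to me". The ECDH output is the per-hint shared secret.
func TrialDecrypt(reachingSecret *ecdh.PrivateKey, hints []Hint) (ids []EnvelopeID) {
	for _, h := range hints {
		pub, _ := ecdh.X25519().NewPublicKey(h[:pubLen]) // cannot fail: the slice is exactly 32 bytes
		shared, err := reachingSecret.ECDH(pub)
		if err != nil {
			continue // e.g. a low-order point: certainly not ours
		}
		pt, err := hintAEAD(shared).Open(nil, zeroNonce, h[pubLen:], h[:pubLen])
		if err != nil {
			continue
		}
		ids = append(ids, EnvelopeID(pt))
	}
	return ids
}

func main() {
	reaching, _ := ecdh.X25519().GenerateKey(rand.Reader)
	h, _ := MakeHint(reaching.PublicKey(), EnvelopeID{'e', 'n', 'v', '1'})
	resp, _ := BuildHintResponse([]Hint{h})
	fmt.Println(len(resp), "hints on the wire;", len(TrialDecrypt(reaching, resp)), "decrypt for this participant")
}
```

Two details carry the security point. The decoys are built as genuine hints to throwaway keys rather than as random bytes, because a real X25519 public key never has its top bit set and random filler would therefore be distinguishable from real hints about half the time. And the participant's only signal from a hint that is not theirs is a failed GCM authentication, so a store with no Envelopes, one Envelope, or more than hintCount Envelopes produces responses of identical shape.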