Sender Setup

 

TESLA uses self-authenticating one-way chains. The sender divides the time into uniform intervals of duration $T$_int. Time interval $0$ will start at time $T$₀, time interval $1$ at time $T$₁ = T₀ + T_int, etc. The sender assigns one key from the one-way chain to each time interval in sequence. The one-way chain is used in the reverse order of generation, so any value of a time interval can be used to derive values of previous time intervals.

The sender determines the length $N$ of the one-way chain $K$₀, K₁, &ldots;, K_N, and this length limits the maximum transmission duration before a new one-way chain must be created. The sender picks a random value for $K$_N. Using a pseudo-random function $f$, the sender constructs the one-way function $F$: $F(k)\; =\; f$_k(0). The remainder of the chain is computed recursively using $K$_i = F(K_i+1). Note that this gives us $K$_i = F^N-i(K_N), so we can compute any value in the key chain from $K$_N even if we do not have intermediate values. Each key $K$_i will be active in time interval $i$.