List: moderncrypto-noise
Subject: Re: [noise] Multi party psk
From: Trevor Perrin <trevp () trevp ! net>
Date: 2017-06-07 23:30:06
Message-ID: CAGZ8ZG3ZnGG-yd_MbHEvUTcpQTqig2zFE3g8aQSFqxaKgfY27w () mail ! gmail ! com
On Wed, Jun 7, 2017 at 10:00 PM, Jonathan Moore
<jmoore@spideroak-inc.com> wrote:
>
> Would it be safe to take a shared s and do an HKDF( s, pubkey_n ) = s_n to
> create a unique s for each sender in a multi party channel?

Hi Jonathan,

Interesting question!

(Small note on terminology: "s" isn't the best name here, because
Noise uses that for a static key pair or static public key.)

If a server has a master symmetric key and wants to derive a shared
PSK with clients based on HKDF or just HMAC(master_key, client_ID)
that seems fine. Client_ID could be anything, including the client's
public key.

I guess this could be a way to authenticate clients without the server
having to store a database of all Client IDs? For example, a pattern
like NKpsk2 could allow the client to send its ID in the first payload,
and then the server mixes the derived PSK in when responding.

Trevor
_______________________________________________
Noise mailing list
Noise@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/noise
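
Added example, not part of the message above and not code from the Noise project: a sketch of the per-client PSK derivation discussed in the reply, using HKDF-SHA256 over a server master key and the client ID. The label string, the function names and the sample key are assumptions made for illustration; the comparison helper only stands in for the Noise handshake, where a wrong PSK shows up as a decryption failure.

```python
import hashlib
import hmac

PSK_LEN = 32  # Noise PSKs are 32 bytes
LABEL = b"example-noise-client-psk-v1:"  # assumed domain-separation label

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    if not 0 < length <= 255 * 32:
        raise ValueError("invalid output length")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_client_psk(master_key: bytes, client_id: bytes) -> bytes:
    """Per-client PSK; the server recomputes it on demand, so it stores no table."""
    if len(master_key) < 32:
        raise ValueError("master key must be at least 32 bytes")
    if not client_id:
        raise ValueError("client ID must not be empty")
    return hkdf_sha256(master_key, b"", LABEL + client_id, PSK_LEN)

def psk_matches(master_key: bytes, claimed_id: bytes, presented_psk: bytes) -> bool:
    """Stand-in for the handshake: in Noise a wrong PSK makes decryption fail."""
    return hmac.compare_digest(derive_client_psk(master_key, claimed_id), presented_psk)

if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample key; use a random secret in practice
    alice = derive_client_psk(master, b"client-alice")  # provisioned to the client once
    print("alice psk:", alice.hex())
    print("alice as alice:", psk_matches(master, b"client-alice", alice))
    print("alice as bob:  ", psk_matches(master, b"client-bob", alice))
```
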