List:       moderncrypto-noise
Subject:    Re: [noise] [EXT] Re: Multi party psk
From:       "Jason A. Donenfeld" <Jason () zx2c4 ! com>
Date:       2017-06-08 23:02:12
Message-ID: CAHmME9oW3CSL_6e=1DFQH_BHd9fn7O8Zhi8=G9MjcV5QbaxTJQ () mail ! gmail ! com

> Or, the new handshake
> might just do an unauthenticated Noise_NN to get forward-secrecy for
> the new session, but rely on the PSK to extend the earlier session's
> authentication.

I always wondered about doing something like Noise_NNpsk0 as a
replacement for the various PAKEs. You expand the password into a
proper shared secret, which you then set as the PSK. The PSK would
then act as both an authenticator and as some poor man's PQ, while the
dhee would provide forward secrecy. Though, perhaps this doesn't have
all the same properties as a proper PAKE?
_______________________________________________
Noise mailing list
Noise@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/noise
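
An added example, not code from the post or from the Noise project, tracing the construction the message describes: a password is expanded into a 32-byte PSK, and the "-> psk, e" tokens of Noise_NNpsk0 are run through the Noise key schedule (HKDF over HMAC-SHA256) to get the key that protects the first handshake payload. Assumptions: scrypt and the salt are choices made here (the post names neither), the ephemeral public key is random bytes standing in for an X25519 key, and the responder's "e, ee" step is left out because the Python standard library has no X25519.

```python
import hashlib, hmac, os

PROTOCOL = b"Noise_NNpsk0_25519_ChaChaPoly_SHA256"

def hkdf(ck, ikm, n):
    """Noise HKDF: n chained HMAC-SHA256 outputs keyed from (ck, ikm)."""
    temp = hmac.new(ck, ikm, hashlib.sha256).digest()
    outs, prev = [], b""
    for i in range(1, n + 1):
        prev = hmac.new(temp, prev + bytes([i]), hashlib.sha256).digest()
        outs.append(prev)
    return outs

def password_to_psk(password, salt):
    # Assumption: scrypt as the expansion step; the post names no KDF or salt.
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)

def first_message_key(psk, e_pub, prologue=b""):
    """Run the '-> psk, e' tokens of NNpsk0 and return (ck, h, k)."""
    h = hashlib.sha256(PROTOCOL).digest()      # name is > 32 bytes, so hash it
    ck = h
    h = hashlib.sha256(h + prologue).digest()  # MixHash(prologue)
    ck, temp_h, k = hkdf(ck, psk, 3)           # psk token: MixKeyAndHash(psk)
    h = hashlib.sha256(h + temp_h).digest()
    h = hashlib.sha256(h + e_pub).digest()     # e token: MixHash(e.pub)
    ck, k = hkdf(ck, e_pub, 2)                 # PSK handshakes also MixKey(e.pub)
    # k now depends only on the PSK and values sent in the clear, so the
    # password expansion above is the only work factor protecting it.
    return ck, h, k

def demo():
    salt = b"constructed-example-salt"         # constructed value
    e_pub = os.urandom(32)                     # stand-in for an X25519 public key
    init = first_message_key(password_to_psk("correct horse", salt), e_pub)
    resp = first_message_key(password_to_psk("correct horse", salt), e_pub)
    wrong = first_message_key(password_to_psk("wrong horse", salt), e_pub)
    # Same password: identical state. Different password: different key,
    # so the first payload's AEAD check fails on the receiving side.
    return init == resp, init[2] != wrong[2]

if __name__ == "__main__":
    print(demo())
```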
