
List:       moderncrypto-noise
Subject:    Re: [noise] [EXT] Re: [EXT] Re:  Multi party psk
From:       Trevor Perrin <trevp () trevp ! net>
Date:       2017-06-10 22:00:42
Message-ID: CAGZ8ZG1URKLwHvZ3Jb7z_4f9FuMxmi5pr=UYap3ANfM_LHf4Sg () mail ! gmail ! com

On Thu, Jun 8, 2017 at 4:22 PM, Jonathan Moore <jmoore@spideroak-inc.com> wrote:
> I think something else that would make the spec easier to understand is to
> state explicitly that the randomization of symmetric crypto depends on using a
> random ephemeral asymmetric key for setup. This is implied in many places
> but the exact relationship between the symmetric encryption randomization
> and the ephemeral key is not explicitly called out early in the spec.

It's discussed in 7.1 and some rationale is in 15.3.  I'm not totally
sure where it would fit earlier.  Maybe 2.2 somewhere?


> In my, probably naive, reading, this concept and the state chaining are the
> two core ideas in the crypto for Noise.

I agree that the state chaining is a core idea, and I would say so is
the pattern language, and the heavy use of DH.

Using one-time ephemerals for randomization I view as a less-important
design decision (we could've easily added a random nonce, it's just
not necessary, makes messages larger, and would tempt people into
ephemeral reuse).

Trevor
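
Added example, not part of the original message or of the Noise project's code: a stdlib-only Python sketch of the randomization point discussed above, tracking only the chaining key and cipher key for a "psk, e" first message, following the Noise specification's HKDF, MixKeyAndHash and MixKey definitions (the handshake hash h is omitted). The protocol name, the all-zero sample PSK and the random 32-byte stand-in for an X25519 public key are assumptions.

```python
import hashlib
import hmac
import os

# Protocol name is an assumption for this sketch; it is longer than 32 bytes,
# so Noise initialises ck to its SHA-256 hash.
PROTOCOL = b"Noise_NNpsk0_25519_ChaChaPoly_SHA256"


def hkdf(ck, ikm, n):
    """Noise-style HKDF: n chained HMAC-SHA256 outputs keyed by HMAC(ck, ikm)."""
    temp = hmac.new(ck, ikm, hashlib.sha256).digest()
    outs, prev = [], b""
    for i in range(1, n + 1):
        prev = hmac.new(temp, prev + bytes([i]), hashlib.sha256).digest()
        outs.append(prev)
    return outs


def key_after_psk(psk):
    """Cipher key after the "psk" token alone (MixKeyAndHash): no ephemeral input."""
    ck = hashlib.sha256(PROTOCOL).digest()
    _ck, _temp_h, temp_k = hkdf(ck, psk, 3)
    return temp_k


def key_after_psk_e(psk, e_pub):
    """Cipher key after "psk, e": MixKey(e.public_key) re-keys from the ephemeral."""
    ck = hashlib.sha256(PROTOCOL).digest()
    ck = hkdf(ck, psk, 3)[0]          # "psk" token updates the chaining key
    _ck, k = hkdf(ck, e_pub, 2)       # "e" token in a PSK handshake
    return k


def fresh_ephemeral_pub():
    # Stand-in: 32 random bytes in place of a real X25519 public key.
    return os.urandom(32)


if __name__ == "__main__":
    psk = bytes(32)  # constructed sample PSK (all zeros), for illustration only
    e1, e2 = fresh_ephemeral_pub(), fresh_ephemeral_pub()
    # Same PSK, no ephemeral mixed in: every session would start from the same key.
    print("psk only, keys equal:", key_after_psk(psk) == key_after_psk(psk))
    # Fresh ephemeral per session: keys differ, so nonce 0 is never repeated under one key.
    print("fresh e,  keys equal:", key_after_psk_e(psk, e1) == key_after_psk_e(psk, e2))
    # Reused ephemeral: the randomization is gone and the (key, nonce) pair repeats.
    print("reused e, keys equal:", key_after_psk_e(psk, e1) == key_after_psk_e(psk, e1))
```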