[prev in list] [next in list] [prev in thread] [next in thread] 

List:       moderncrypto-noise
Subject:    Re: [noise] Questions about Signatures for Noise spec
From:       Lucas Manuel Rodriguez <lucarodriguez () gmail ! com>
Date:       2019-04-08 19:45:43
Message-ID: CA+ofMXe1PQffps=hf9urd9BAjaPKwRkA3Fw62dMfe7GeQSHtWw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Thanks for the quick response! Answered inline.

On Mon, 8 Apr 2019 at 09:10, Justin Cormack <justin@specialbusservice.com>
wrote:

> (replies inline)
>
> On Mon, 8 Apr 2019 at 12:36, Lucas Manuel Rodriguez
> <lucarodriguez@gmail.com> wrote:
> >
> > Hello folks,
> >
> > I'm working on a system that relies heavily in public key signatures an=
d
> I came across the "Signatures for Noise" spec [1].
> >
> > Knowing it's unofficial/unstable I hope it's ok to ask a couple of
> questions here.
> >
> > 1) There's the following paragraph In the "Signature modifiers" section=
:
> >
> > "The "sig" modifier can only be used with patterns where "se" is not
> sent by
> > the responder and "es" is not sent by the initiator, and "ss" does not
> appear.
> > Attempting to apply it other patterns is invalid."
> >
> > It would be nice if you could elaborate those statements.
>
> For "ss" there is no equivalent with signatures; the other two just
> point out that you
> can only sign an outbound message, signatures don't have the symmetry tha=
t
> DH
> does.
>

Makes sense now. Thanks.


>
> > 2) Are you seeing a path towards "hybrid" patterns? Hybrid as in: DH +
> Signatures, e.g.:
> >
> > <- s
> > ...
> > -> e, es, s1, sig
> >
> > (The above pattern would allow 0-RTT encryption and authentication of
> initiator via signatures)
>
> We have discussed hybrid patterns, there are some notes from the
> January meetup, and I am
> planning to do some more work on this. I think they can be useful in
> some situations.
>

OK. Looking forward to the next iteration of the spec!


>
> > Or are there any problems/vulnerabilities that would prevent this from
> happening?
>
> You can still replay these, so it is not a solution to all issues,
> although if you have another
> way to prevent replay it can be useful.
>

Sorry, I was not clear here. I meant to ask if there were any
problems/vulnerabilities with respect to "hybrid" patterns in general.
You answered my question already. I'll wait for the next iteration of the
spec.


>
> > I'm new to the Noise Framework, so please bear with me :)
> >
> > [1]: https://github.com/noiseprotocol/noise_sig_spec
> >
> > Best,
> > Lucas Manuel Rodr=C3=ADguez.
> > _______________________________________________
> > Noise mailing list
> > Noise@moderncrypto.org
> > https://moderncrypto.org/mailman/listinfo/noise
>

[Attachment #5 (text/html)]

<div dir="ltr"><div dir="ltr">Thanks for the quick response! Answered \
inline.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 8 \
Apr 2019 at 09:10, Justin Cormack &lt;<a \
href="mailto:justin@specialbusservice.com">justin@specialbusservice.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">(replies inline)<br> \
<br> On Mon, 8 Apr 2019 at 12:36, Lucas Manuel Rodriguez<br>
&lt;<a href="mailto:lucarodriguez@gmail.com" \
target="_blank">lucarodriguez@gmail.com</a>&gt; wrote:<br> &gt;<br>
&gt; Hello folks,<br>
&gt;<br>
&gt; I&#39;m working on a system that relies heavily in public key signatures and I \
came across the &quot;Signatures for Noise&quot; spec [1].<br> &gt;<br>
&gt; Knowing it&#39;s unofficial/unstable I hope it&#39;s ok to ask a couple of \
questions here.<br> &gt;<br>
&gt; 1) There&#39;s the following paragraph In the &quot;Signature modifiers&quot; \
section:<br> &gt;<br>
&gt; &quot;The &quot;sig&quot; modifier can only be used with patterns where \
&quot;se&quot; is not sent by<br> &gt; the responder and &quot;es&quot; is not sent \
by the initiator, and &quot;ss&quot; does not appear.<br> &gt; Attempting to apply it \
other patterns is invalid.&quot;<br> &gt;<br>
&gt; It would be nice if you could elaborate those statements.<br>
<br>
For &quot;ss&quot; there is no equivalent with signatures; the other two just<br>
point out that you<br>
can only sign an outbound message, signatures don&#39;t have the symmetry that DH<br>
does.<br></blockquote><div><br></div><div>Makes sense now. Thanks.</div><div>  \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"> <br>
&gt; 2) Are you seeing a path towards &quot;hybrid&quot; patterns? Hybrid as in: DH + \
Signatures, e.g.:<br> &gt;<br>
&gt; &lt;- s<br>
&gt; ...<br>
&gt; -&gt; e, es, s1, sig<br>
&gt;<br>
&gt; (The above pattern would allow 0-RTT encryption and authentication of initiator \
via signatures)<br> <br>
We have discussed hybrid patterns, there are some notes from the<br>
January meetup, and I am<br>
planning to do some more work on this. I think they can be useful in<br>
some situations.<br></blockquote><div><br></div><div>OK. Looking forward to the next \
iteration of the spec!<br></div><div>  </div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> <br>
&gt; Or are there any problems/vulnerabilities that would prevent this from \
happening?<br> <br>
You can still replay these, so it is not a solution to all issues,<br>
although if you have another<br>
way to prevent replay it can be useful.<br></blockquote><div><br></div><div>Sorry, I \
was not clear here. I meant to ask if there were any problems/vulnerabilities with \
respect to &quot;hybrid&quot; patterns in general.</div><div>You answered my question \
already. I&#39;ll wait for the next iteration of the spec.</div><div>  \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"> <br>
&gt; I&#39;m new to the Noise Framework, so please bear with me :)<br>
&gt;<br>
&gt; [1]: <a href="https://github.com/noiseprotocol/noise_sig_spec" rel="noreferrer" \
target="_blank">https://github.com/noiseprotocol/noise_sig_spec</a><br> &gt;<br>
&gt; Best,<br>
&gt; Lucas Manuel Rodríguez.<br>
&gt; _______________________________________________<br>
&gt; Noise mailing list<br>
&gt; <a href="mailto:Noise@moderncrypto.org" \
target="_blank">Noise@moderncrypto.org</a><br> &gt; <a \
href="https://moderncrypto.org/mailman/listinfo/noise" rel="noreferrer" \
target="_blank">https://moderncrypto.org/mailman/listinfo/noise</a><br> \
</blockquote></div></div>


[Attachment #6 (text/plain)]

_______________________________________________
Noise mailing list
Noise@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/noise


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic