[messaging] Key exchange and DuplexWrap-like protocols

Ben Harris mail at bharr.is
Tue Feb 10 19:33:50 PST 2015


> This has the same security properties as Noise, but only uses ECC and
> Keccak.
Keccak-f just to avoid any confusion (i.e. the permutation only, it uses
different API and domain properties to Keccak).

forget() is weaker than Axolotl, as forget is just erasing state bits to
prevent inverting the permutation (breaking a previous message). Axolotl
creates new ephemerals to prevent breaking future messages too.

Using Keyak as the AEAD cipher for bodies is great. But using it for
everything might present some issues with lost messages (can't skip a
message without having the body) and the concurrency stuff you mention.

It would be interesting to look at an Axolotl-sponge that modifies Axolotl
to suit a sponge construction like Keyak. One example is simplifying header
encryption into two sequential calls to DuplexWrap instead of two
decryptions with separate keys.
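
The forget() point above, as an added example that is not part of the original message or of any protocol in the thread: a captured duplex state can be walked backward through the inverse permutation unless state bits were erased, while future keys stay computable either way. Assumptions: `permute` is a toy ARX permutation standing in for Keccak-f, the rate is words 0-1 and the capacity words 2-3, forget is modelled as zeroing the rate and permuting again, and all secrets and headers are constructed values.

```python
# Added illustration. permute() is a toy ARX permutation, NOT Keccak-f.
# Assumed layout: rate = words 0-1, capacity = words 2-3.
M = 0xFFFFFFFF
def rotl(x, n): return ((x << n) | (x >> (32 - n))) & M
def rotr(x, n): return ((x >> n) | (x << (32 - n))) & M

def permute(s):
    a, b, c, d = s
    for rnd in range(8):
        a = (a + b) & M; d = rotl(d ^ a, 16)
        c = (c + d) & M; b = rotl(b ^ c, 12)
        a, b, c, d = b, c, d, a ^ rnd
    return a, b, c, d

def unpermute(s):
    """Exact inverse of permute(): anyone holding the full state can run it."""
    a, b, c, d = s
    for rnd in reversed(range(8)):
        a, b, c, d = d ^ rnd, a, b, c
        b = rotr(b, 12) ^ c; c = (c - d) & M
        d = rotr(d, 16) ^ a; a = (a - b) & M
    return a, b, c, d

def step(state, header, forget):
    """One message: absorb a public header, squeeze a key, optionally forget."""
    s = permute((state[0] ^ header[0], state[1] ^ header[1], state[2], state[3]))
    key = s[:2]
    if forget:                       # erase the rate bits, then permute again
        s = permute((0, 0, s[2], s[3]))
    return s, key

def attacker_previous_key(captured, header, forget):
    """From a captured state, invert towards the key of the message before it."""
    s = unpermute(captured)
    if forget:
        # s is (0, 0, capacity): the 64 erased rate bits are gone, so the
        # attacker has to guess them blindly (zero used here) to go further.
        s = unpermute(s)
    return (s[0] ^ header[0], s[1] ^ header[1])

def demo(forget):
    """Returns (past key recovered?, next key predicted?) after a state capture."""
    state = (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)  # constructed secret
    h1, h2, h3 = (1, 0), (2, 0), (3, 0)                       # constructed headers
    state, k1 = step(state, h1, forget)
    captured, _k2 = step(state, h2, forget)                   # compromise happens here
    _, k3 = step(captured, h3, forget)                        # honest party continues
    past = attacker_previous_key(captured, h2, forget) == k1
    future = step(captured, h3, forget)[1] == k3              # attacker runs it forward
    return past, future
```

`demo(False)` shows both directions exposed and `demo(True)` shows only the backward direction closed; closing the forward direction needs fresh secret input such as the new ephemerals mentioned above, which this sketch does not model.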