[noise] Clever UDP Keying

Michael Hamburg mike at shiftleft.org
Mon Aug 3 17:17:58 PDT 2015


You could use an Axolotl-style ratchet.  You have a “spine” key which you hash after every packet to obtain both a new spine key and a packet key.  Every packet is numbered or otherwise identified clearly with a packet key.  The recipient has to save the skipped-over packet keys until it knows that it will ignore that packet.

— Mike

> On Aug 3, 2015, at 5:00 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> 
> Hi folks,
> 
> With TCP, you can rekey after every packet if you want, because
> delivery is guaranteed. Horrah!
> 
> With UDP, we don't have the same luxury. Packets even come out of
> order. The best "obvious" solution is to rekey based on a timer.
> 
> The noise spec now relaxes the rekeying requirement to allow for
> UDP-based usage, which is nice.
> 
> I'm wondering if anybody has any ideas of how to do something similar
> to "rekeying after every packet" without reinventing some half-assed
> TCP variant (adding ACK messages, etc), where the key mutates. That is
> to say - is there some way in which packets coming out of order, or
> not being delivered at all, can mutate a symmetric key in a useful
> way? Has there been much research into interesting crypto systems that
> would have this nice property? Anyone know of any papers I could read?
> 
> Thanks,
> Jason
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise



More information about the Noise mailing list