[noise] Replace calls to kernel.MixHash with kernel.MixKey

Jason A. Donenfeld Jason at zx2c4.com
Wed Aug 26 18:45:19 PDT 2015


Hi,

Currently, kernel.MixKey is used first for a name and preshared key, and
then after for all DH calculation results. Simultaneously, kernel.MixHash
is used to bind static public keys and handshake payload contents to the
session.

Simple question: why can't we just replace all calls to kernel.MixHash with
kernel.MixKey? It seems like this would simplify things quite a bit.

Jason


[PS: It would also add another layer of "hiding": in handshakes that use a
pre-descriptor of "s", and then transmit an unencrypted "e", under the
proposed replacement, "e" would now be encrypted with "s", which in some
limited circumstances *may not be known to an adversary*, so "e" becomes as
non-public as "s" is non-public. I don't know if this is a real security
property that cryptographers care about, but it looks shiny on first
glance.]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20150827/98cb2895/attachment.html>


More information about the Noise mailing list