[noise] Pre-shared Secret - preventing DoS, and ensuring post-quantum PFS

Jonathan Rudenberg jonathan at titanous.com
Wed Nov 11 18:05:59 PST 2015


> On Nov 11, 2015, at 3:22 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> 
> Hi Trevor,
> 
> Hopefully it's not too late to discuss this...
> 
> It occurred to me that Noise could benefit from having a pre-shared secret option, which could be in use by multiple peers at once.

I was looking at pre-shared keys with the specific constraint that I want to generate a minimum amount of key material once before the peers that are communicating exist.

The solution I came up with is this:

A single preshared key is given to the peers that are going to communicate. The peers exchange ephemeral public keys as pre-messages, and then initialize the HandshakeState with dhee and a prologue of MAC(psk, initiatorPubkey || receiverPubkey).

This seems to be a simple way to do a low-friction PSK that authenticates the client and the server. Any weaknesses that I’ve missed? (obviously it doesn’t address anything DoS-related and I’m not really familiar with post-quantum)

Jonathan
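
As an added illustration (not part of Jonathan's post and not code from the Noise project), the model below walks through the construction he describes with nothing but the Python standard library: a single PSK, both peers' ephemeral public keys exchanged as pre-messages, a prologue of MAC(psk, initiatorPubkey || receiverPubkey), and one dhee. Assumptions that the post leaves open are labelled in the code: HMAC-SHA256 stands in for "MAC", the SymmetricState is a reduced SHA-256/HKDF model of Noise's hash and chaining-key mixing rather than the real spec, X25519 is a pure-Python RFC 7748 ladder so the file runs offline, the protocol name is a constructed placeholder, and because there is no AEAD here the check "same h and k on both sides" stands in for Noise's real signal, which is the first AEAD tag failing to verify (h is the associated data). The `mitm_session_matches` function shows what the prologue adds over plain dhee: an active relay that substitutes its own ephemeral key can still compute the DH, so k agrees, but cannot compute the prologue without the PSK, so h does not.

```python
import hashlib
import hmac
import secrets

# ---- X25519, RFC 7748 Montgomery ladder (pure Python so the demo is self-contained) ----
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)


# ---- Reduced model of Noise's SymmetricState (assumption: SHA-256, 2-output HKDF) ----
class SymmetricState:
    def __init__(self, protocol_name: bytes):
        h = protocol_name if len(protocol_name) <= 32 else hashlib.sha256(protocol_name).digest()
        self.h = h.ljust(32, b"\x00")   # handshake hash: transcript binding, used as AEAD AD in real Noise
        self.ck = self.h                 # chaining key
        self.k = None                    # current symmetric key, derived only from ck and DH outputs

    def mix_hash(self, data: bytes) -> None:
        self.h = hashlib.sha256(self.h + data).digest()

    def mix_key(self, ikm: bytes) -> None:
        temp = hmac.new(self.ck, ikm, hashlib.sha256).digest()
        self.ck = hmac.new(temp, b"\x01", hashlib.sha256).digest()
        self.k = hmac.new(temp, self.ck + b"\x02", hashlib.sha256).digest()


PROTOCOL_NAME = b"Noise_EEee_25519_SHA256_demo"   # constructed placeholder, not a registered pattern name
PSK = bytes.fromhex("00" * 16 + "ff" * 16)          # constructed demo PSK, never use a fixed PSK in practice


def prologue(psk: bytes, initiator_pub: bytes, responder_pub: bytes) -> bytes:
    """The post's prologue: MAC(psk, initiatorPubkey || receiverPubkey); MAC assumed to be HMAC-SHA256."""
    return hmac.new(psk, initiator_pub + responder_pub, hashlib.sha256).digest()


def transcript(psk: bytes, my_priv: bytes, my_pub: bytes, peer_pub: bytes, initiator: bool):
    """One peer's view of the handshake: prologue, both pre-message keys, then dhee. Returns (h, k)."""
    init_pub, resp_pub = (my_pub, peer_pub) if initiator else (peer_pub, my_pub)
    ss = SymmetricState(PROTOCOL_NAME)
    ss.mix_hash(prologue(psk, init_pub, resp_pub))
    ss.mix_hash(init_pub)                     # pre-message: initiator's e
    ss.mix_hash(resp_pub)                     # pre-message: responder's e
    ss.mix_key(x25519(my_priv, peer_pub))     # dhee
    return ss.h, ss.k


def peers_agree(psk_initiator: bytes, psk_responder: bytes) -> bool:
    """True when two honest peers end with the same h and k (in real Noise: first AEAD tag verifies)."""
    i_priv, i_pub = keypair()
    r_priv, r_pub = keypair()
    return transcript(psk_initiator, i_priv, i_pub, r_pub, True) == transcript(psk_responder, r_priv, r_pub, i_pub, False)


def mitm_session_matches(attacker_knows_psk: bool) -> bool:
    """Active relay swaps its own ephemeral key in towards the initiator. The DH still works (k agrees),
    so whether the attacker's session matches the initiator's depends only on knowing the PSK."""
    i_priv, i_pub = keypair()
    m_priv, m_pub = keypair()
    h_i, k_i = transcript(PSK, i_priv, i_pub, m_pub, True)   # initiator thinks m_pub is the responder
    attacker_psk = PSK if attacker_knows_psk else secrets.token_bytes(32)
    h_m, k_m = transcript(attacker_psk, m_priv, m_pub, i_pub, False)
    assert k_i == k_m                                         # dhee alone never detects the substitution
    return h_i == h_m


if __name__ == "__main__":
    print("honest peers, same PSK:     ", peers_agree(PSK, PSK))
    print("honest peers, wrong PSK:    ", peers_agree(PSK, secrets.token_bytes(32)))
    print("relay without PSK matches:  ", mitm_session_matches(False))
    print("relay holding PSK matches:  ", mitm_session_matches(True))
```

The last line of the demo is the caveat worth keeping in mind when reading the post: the prologue authenticates "someone who holds the PSK", not a particular peer, so everything the PSK is shared with is inside the trust boundary, and, as the post already notes, nothing here helps against DoS or a quantum adversary.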

