[noise] Extensions for forward secrecy and New Hope
Trevor Perrin
trevp at trevp.net
Sun Aug 28 00:33:33 PDT 2016
On Sun, Aug 28, 2016 at 12:27 AM, Trevor Perrin <trevp at trevp.net> wrote:
>
> Noise_XX
> -> e
> <- e, dhee, s, dhse
> -> s, dhse
>
> Noise_XXhfs(s, rs):
> -> e, f
> <- e, dhee, f, dhff, s, dhse
> -> s, dhse
>
> (Assuming "f" is encrypted we have to move it after the "dhee", as shown
> here, to not violate pattern validity. Your spec doesn't encrypt "f", in
> which case the transformation is simpler - "e, f, dhee, dhff, ...").
>
Oops, I'm wrong that "e, f, dhee, dhff" would pattern validity, if "f" was
capable of being encrypted. It is fine and simple to do that, but it's
also fine to move "f" after "dhee" and encrypt it. So we'd have to decide
which the "hfs" transformation would prefer.
Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160828/3f385b97/attachment.html>
More information about the Noise
mailing list