[noise] Extensions for forward secrecy and New Hope

Trevor Perrin trevp at trevp.net
Sun Aug 28 00:58:27 PDT 2016


On Sat, Aug 27, 2016 at 4:58 PM, Brian Smith <brian at briansmith.org> wrote:

>
> Another problem with the suggested naming scheme is that it might get
> confusing if/when signature-based schemes are added. 25519+25519 could
> be X25519+Ed25519 or X25519+X25519, I guess.
>


I'm not sure we'd need to indicate DH and signature names separately.

Unless you wanted to use different curves for DH and signatures, a single
name like "25519" could indicate both a DH algorithm and signature
algorithm.

That would be easier if we used a single public-key format for both DH and
signatures, which is possible (e.g. X25519 public keys can be efficiently
decompressed as Ed25519 public keys).  It might even be possible to use the
same key pair for both signing and DH, though this would require more
thought and care.

So that's probably a discussion for later, but I'm hoping we could do
something more elegant.

Trevor
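
Added example, not part of Trevor's message or of the Noise specification: the single-key-format idea above rests on the birational map between Curve25519 and Ed25519, y = (u - 1)/(u + 1) mod 2^255 - 19. The function names are hypothetical, and because a Montgomery u-coordinate does not carry the sign of the Edwards x-coordinate, the sign bit is an assumption supplied by the caller (0 by default).

```python
# Added illustration; function names are hypothetical, not from any Noise library.
P = 2**255 - 19                              # field prime shared by both curves
D = (-121665 * pow(121666, P - 2, P)) % P    # Ed25519 curve constant d
MASK = (1 << 255) - 1                        # low 255 bits of a 32-byte encoding


def x25519_to_ed25519_pub(u_bytes: bytes, sign: int = 0) -> bytes:
    """Map an X25519 public key (Montgomery u) to an Ed25519 encoding (y + sign bit)."""
    if len(u_bytes) != 32:
        raise ValueError("X25519 public keys are 32 bytes")
    # RFC 7748 decoding: little-endian, top bit ignored, reduced mod p.
    u = (int.from_bytes(u_bytes, "little") & MASK) % P
    if (u + 1) % P == 0:
        raise ValueError("u = -1 has no image under the map")
    y = (u - 1) * pow(u + 1, P - 2, P) % P
    return (y | ((sign & 1) << 255)).to_bytes(32, "little")


def ed25519_to_x25519_pub(ed_bytes: bytes) -> bytes:
    """Inverse map u = (1 + y)/(1 - y); the sign bit is discarded."""
    if len(ed_bytes) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    y = int.from_bytes(ed_bytes, "little") & MASK
    if y >= P:
        raise ValueError("non-canonical y coordinate")
    if y == 1:
        raise ValueError("the identity point maps to infinity")
    u = (1 + y) * pow((1 - y) % P, P - 2, P) % P
    return u.to_bytes(32, "little")


def is_on_ed25519(ed_bytes: bytes) -> bool:
    """Check that y decompresses: x^2 = (y^2 - 1)/(d*y^2 + 1) must be a square."""
    y = int.from_bytes(ed_bytes, "little") & MASK
    if y >= P:
        return False
    x2 = (y * y - 1) * pow((D * y * y + 1) % P, P - 2, P) % P
    # Euler's criterion: result is 0 or 1 for squares, p - 1 otherwise.
    return pow(x2, (P - 1) // 2, P) in (0, 1)


if __name__ == "__main__":
    base_u = (9).to_bytes(32, "little")      # X25519 base point, u = 9
    print(x25519_to_ed25519_pub(base_u).hex())
```

A u-coordinate that lies on the twist still maps to some y, so a caller treating the result as a signature key should run the decompression check before using it.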