[noise] [NoiseSocket] First handshake message parsing questions

Rhys Weatherley rhys.weatherley at gmail.com
Sun Feb 26 12:09:37 PST 2017


On Mon, Feb 27, 2017 at 5:52 AM, Alexey Ermishkin <scratch.net at gmail.com>
wrote:

> For example: either one algorithm-aware "e" per whole message or each
> sub-message must have its own "e".
> What do you think?
>

My preference is that each sub-message has its own "e".  As far as I can
tell, the only benefit is data compression.  Saving 32 or 56 bytes isn't
really worth the effort of making the parser more complex (it may be worth
it for NewHope and other algorithms with very large keys).

In terms of implementation, it is easier for the initiator to start N
independent HandshakeStates in parallel and then drop all but the selected
one once the responder comes back.  Sharing "e" values puts an extra burden
on the HandshakeState API and implementation.

On the responder side it is easier to search the list for something that is
understood and then use that sub-message, ignoring all the others.  The
others may even be malformed and it won't care.  Right now the responder
needs extra knowledge about the structure of handshake messages to
back-patch in extra bytes in some cases but not others.

If the initiator wants to save some CPU generating the keypair for "e" only
once, then it can arrange to share the "e" value between HandshakeStates
and send it multiple times.  But that's a local implementation decision.

Cheers,

Rhys.
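
Added example, not part of the original message and not code from any NoiseSocket implementation: a responder that scans independently framed sub-messages, each carrying its own "e", takes the first one it understands and skips malformed ones. The length-prefixed framing, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Hypothetical framing (an assumption, not the NoiseSocket wire format):
#   u16 body_len | u8 name_len | protocol name | "e" | rest of handshake
E_LEN = {"25519": 32, "448": 56}  # "e" public key size per DH function

def pack_sub(name: bytes, handshake: bytes) -> bytes:
    body = bytes([len(name)]) + name + handshake
    return struct.pack(">H", len(body)) + body

def split_subs(msg: bytes):
    """Yield each sub-message body; stop if the outer framing is truncated."""
    off = 0
    while off + 2 <= len(msg):
        (n,) = struct.unpack_from(">H", msg, off)
        off += 2
        if off + n > len(msg):
            return
        yield msg[off:off + n]
        off += n

def parse_sub(body: bytes):
    """Return (name, e, rest), or None if this sub-message is malformed."""
    if not body or 1 + body[0] > len(body):
        return None
    try:
        name = body[1:1 + body[0]].decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = name.split("_")
    if len(parts) != 5 or parts[0] != "Noise" or parts[2] not in E_LEN:
        return None
    e_len, hs = E_LEN[parts[2]], body[1 + body[0]:]
    if len(hs) < e_len:
        return None
    return name, hs[:e_len], hs[e_len:]

def select(msg: bytes, supported: set):
    """Responder: use the first understood, well-formed sub-message."""
    for body in split_subs(msg):
        parsed = parse_sub(body)
        if parsed and parsed[0] in supported:
            return parsed
    return None

# Constructed sample: a malformed offer (short "e"), then two valid offers.
SAMPLE = (pack_sub(b"Noise_XX_448_AESGCM_SHA512", b"\x01" * 10)
          + pack_sub(b"Noise_XX_25519_AESGCM_SHA256", b"\xaa" * 32 + b"hi")
          + pack_sub(b"Noise_XX_448_ChaChaPoly_BLAKE2b", b"\xbb" * 56))
```

Because every sub-message is self-contained, the responder never has to reach into a neighbouring entry for key material; only the outer length prefix must be intact for the scan to continue.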