[noise] Pattern validity questions

Trevor Perrin trevp at trevp.net
Sun May 14 13:11:53 PDT 2017


On Sun, May 14, 2017 at 8:06 PM, Alex <alex at centromere.net> wrote:
>
> Noise_IK(s, rs):
>    <- s
>    ...
>    -> e, es, s, ss
>    <- e, ee, se
>
> it is valid for the initiator to send encrypted data in the payload of
> its first Noise message, *only* because of the presence of the `es`
> token, correct? In other words, had that token not been there, it would
> be an invalid pattern?

Right - without the es, the static key derived from ss would be used
repeatedly for encryption, without randomization, which is
catastrophic for security.

Trevor


More information about the Noise mailing list