[noise] non replayable XK/KK?

Justin Cormack justin at specialbusservice.com
Mon Jan 29 15:37:03 PST 2018


On 29 January 2018 at 16:12, Trevor Perrin <trevp at trevp.net> wrote:
> On Sun, Jan 28, 2018 at 9:23 PM, Justin Cormack
> Since the "defer" modifier really only applies to the four ?K
> patterns, another option is to consider these as different base
> patterns, e.g.
>
>   ?K = recipient key Known, and used immediately for 0-RTT encryption
>   ?D = recipient key known, but encryption Deferred (no 0-RTT)
>
> Below would be the ?D patterns I think, shown next to the relevant ?K
> pattern.  This is pretty straightforward, except we lose the "ss" for
> KD and ID, since it's not needed if we're not doing 0-RTT sender auth.

That seems a good formulation as there really arent too many, and have a
clear difference.

Justin


More information about the Noise mailing list