[noise] non replayable XK/KK?

Trevor Perrin trevp at trevp.net
Tue Feb 20 09:15:31 PST 2018 

On Tue, Feb 20, 2018 at 10:18 AM, Justin Cormack
<justin at specialbusservice.com> wrote:
> On 19 February 2018 at 22:48, Trevor Perrin <trevp at trevp.net> wrote:
>>
>> Instead of using modifiers or an alphabet soup of 2-letter names, we
>> could allow substituting X, K, and I with X1, K1, and I1 to move that
>> party's authentication DH into the next message.
[...]
>>
>> Thoughts?
>
> This certainly addresses my worry about not being able to remember what all
> the new two letter names mean... (Perhaps I should be a modifier too?

For clarity, we should distinguish between "secondary characters" like
"1", and modifiers like "psk0" or "fallback".

I think we don't want to change existing pattern names at this point,
so the "I?" patterns should probably keep their existing names.  If we
had thought of using secondary characters earlier we could have
considered names like "X0K" or "XIK" instead of "IK".

But - aside from it being too late to change - those names aren't
obviously better.  They're longer, and they don't keep with our
current (proposed) distinction where the first character says when the
static key is sent, and the second character ("1") affects the
position of the DH.


> Though
> calling it XI is rather indistinguishable from X1, and I don't think it makes it
> clearer and doesn't quite work like these modifiers, so I don't think
> changing it helps).
> Certainly seems to add the ones that seem useful but not excessively many.
>
> If ss? were to be a modifier, would it be an optional one or still
> always appear in
> the base KK, IK (where it seems useful)?

I think "KK" and "IK" patterns would remain unchanged, but perhaps we
could have an "ss?" modifier that adds "ss" into other patterns.  So
if you wanted your "IK1" to also have the same "ss" as "IK", you could
do "IK1ss1".


Regarding the secondary-character scheme, some more thoughts:

 * "1" and "I" are visually confusable, which is awkward in cases like
"I1K".  OTOH, using numbers lets us visually separate the secondary
characters from the primary characters in other cases, better than a
different uppercase character.

 * It's not clear yet if we'd consider extending this naming scheme to
use other secondary characters, or numbers besides "1"?  I guess this
thread keeps expanding in scope, but we should probably think a little
more about whether other patterns would fit into this
secondary-character scheme.

Trevor

More information about the Noise mailing list