[noise] multi algorithm handshakes - alternative formulation (was Re: "sig" modifier (was: Extension spec: Static-Static Pattern Modifiers))
Trevor Perrin
trevp at trevp.net
Wed Nov 28 01:23:58 PST 2018
On Sat, Nov 24, 2018 at 4:59 PM Justin Cormack
<justin at specialbusservice.com> wrote:
>
> Oh and another motivating example, you can combine different patterns,
> eg combine
> KK and XXsig which I think might be useful when using the DH keys as
> capabilities
> and the signatures to audit the user of the capabilities. The "d"
> doubling does not
> allow these kind of mixed patterns.
Cool, I think these names look better than my attempt, and I can
believe this has more flexibility.
I'm not sure what the composition rules are though, and whether
they're well-behaved and simple if we wrote them down?
Also, how to specify different public-key algorithms needs more
thought, since different patterns could reference the same or
different signature/KEM/DH algorithms, initiator or responder could
use multiple algorithms, etc.
For example, we could add numbers to the end of each modifier which
apply to the modified tokens and reference some public key algorithm:
XXsig1_25519+Ed25519:
-> e
<- e, ee, s1, sig1
-> s1, sig1
But you were also writing sig patterns without a number suffix, so I'm
not sure which approach is most composable (and it would be good to
figure something out at least for signatures, so we can knock out a
sig spec soon).
Trevor
More information about the Noise
mailing list