[noise] Noise XK 5 should be a 4?

Nadim Kobeissi nadim at symbolic.software
Tue Apr 30 06:00:18 PDT 2019


https://noiseexplorer.com/patterns/XK/E.html

Nadim Kobeissi
Symbolic Software • https://symbolic.software
Sent from office


On Tue, Apr 30, 2019 at 6:07 AM david wong <davidwong.crypto at gmail.com>
wrote:

> Oh right! The payload authenticates the handshake.
>
> I suggest a payload token!
>
> David
>
> > On Apr 29, 2019, at 8:56 PM, Trevor Perrin <trevp at trevp.net> wrote:
> >
> >> On Mon, Apr 29, 2019 at 6:22 PM david wong <davidwong.crypto at gmail.com>
> wrote:
> >>
> >> I think my brain is farting, but shouldn't XK's last message provide a
> 4 in dest payload security?
> >
> > I think the spec is right (5).
> >
> >
> >> You can send your own e as the server's response and the client's last
> handshake payload will have weak forward secrecy
> >
> > Forging the responder(server)'s response requires knowledge of either
> > the responder's static private key or the initiator's ephemeral
> > private key.
> >
> > In the messages marked 5 the sender has authenticated the recipient's
> > ephemeral using their own (sender) ephemeral and the recipient's
> > static key, so there's no "weak forward secrecy" issues.
> >
> >
> > Trevor
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20190430/cb5d2c22/attachment.html>


More information about the Noise mailing list