<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=RU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Thanks, Nadim! <br>This is excellent news!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b>From:</b> Nadim Kobeissi <nadim@symbolic.software> <br><b>Sent:</b> Monday, January 28, 2019 12:18 AM<br><b>To:</b> Alexey Ermishkin <scratch.net@gmail.com><br><b>Cc:</b> noise <noise@moderncrypto.org><br><b>Subject:</b> Re: [noise] Noise Explorer: Generate Software Implementations<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Dear Alexey,<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Circling back to this, I'd like to give you an update that we now pass all structs by pointer and not by value:<o:p></o:p></p></div><div><p class=MsoNormal><a href="https://github.com/SymbolicSoft/noiseexplorer/commit/29ef5bb94f03a9b5c244b71baf9042a835265f07">https://github.com/SymbolicSoft/noiseexplorer/commit/29ef5bb94f03a9b5c244b71baf9042a835265f07</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Combined with some other improvements we've made to the implementations (constant time fixes, automated test suite with all 60 Noise Handshake Patterns in Noise Explorer passing the test vectors, etc.) I really think the Go implementations are now on excellent footing and perhaps even ready for production use.<br clear=all><o:p></o:p></p><div><div><div><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Nadim Kobeissi<o:p></o:p></p><div><p class=MsoNormal>Symbolic Software <span style='font-size:12.0pt;color:#545454'>• <a href="https://symbolic.software" target="_blank">https://symbolic.software</a></span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:#545454'>Sent from office</span><o:p></o:p></p></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Thu, Jan 17, 2019 at 5:32 AM Alexey Ermishkin <<a href="mailto:scratch.net@gmail.com">scratch.net@gmail.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Thanks for the response!<br>I might consider using this code in the next version of my NoiseSocket-Go implementation</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Nadim Kobeissi <<a href="mailto:nadim@symbolic.software">nadim@symbolic.software</a>> <br><b>Sent:</b> Thursday, January 17, 2019 9:19 AM<br><b>To:</b> Alexey Ermishkin <<a href="mailto:scratch.net@gmail.com" target="_blank">scratch.net@gmail.com</a>><br><b>Cc:</b> noise <<a href="mailto:noise@moderncrypto.org" target="_blank">noise@moderncrypto.org</a>><br><b>Subject:</b> Re: [noise] Noise Explorer: Generate Software Implementations<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi Alexey,<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>There is no good reason for that. I simply haven't bothered to optimize the generated code at all yet for performance besides some basic measures.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Similar issues will likely be spotted and I welcome feedback.<br clear=all><o:p></o:p></p><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Nadim Kobeissi<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Symbolic Software <span style='font-size:12.0pt;color:#545454'>• <a href="https://symbolic.software" target="_blank">https://symbolic.software</a></span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;color:#545454'>Sent from office</span><o:p></o:p></p></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Thu, Jan 17, 2019 at 4:53 AM Alexey Ermishkin <<a href="mailto:scratch.net@gmail.com" target="_blank">scratch.net@gmail.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Hi Nadim, thanks for the great work!</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>I have one question: Why all structs are passed by value, not by pointer? </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Noise <<a href="mailto:noise-bounces@moderncrypto.org" target="_blank">noise-bounces@moderncrypto.org</a>> <b>On Behalf Of </b>Nadim Kobeissi<br><b>Sent:</b> Thursday, January 17, 2019 1:48 AM<br><b>To:</b> noise <<a href="mailto:noise@moderncrypto.org" target="_blank">noise@moderncrypto.org</a>><br><b>Subject:</b> [noise] Noise Explorer: Generate Software Implementations<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hello everyone,<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A central promise that I made during Real World Crypto last week [0] was that Noise Explorer would soon support generating software implementations.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Well, I am now pleased to announce that Noise Explorer can generate software implementations for arbitrary Noise Handshake Patterns, written in Go [1].<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>As always, you may try out Noise Explorer here:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a href="https://noiseexplorer.com/" target="_blank">https://noiseexplorer.com/</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In the rest of this email, I will answer some questions which may be of interest to readers of this mailing list.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q1: Why did you choose Go?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A1: I chose Go as the initial target for the following reasons:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Go is my favorite programming language and I think it's very enjoyable to write software in.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Go allows for the production of independent executable for a very wide variety of operating systems and architectures.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Go is definitely among the top languages (if not the top language) used in network applications where Noise would be relevant.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Go is a relatively simple language, which makes it ideal as the initial target for code generation.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - An encouraging discussion occurred with Mr. Filippo Valsorda, the maintainer of Go's crypto libraries, during which he indicated a level of commitment to Go having a strong, maintained and modern stack of the cryptographic primitives necessary for Noise Protocols to work.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Go allows for constant time cryptography, unlike for example JavaScript, while still being safer than for example C.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Yes, I know that Go does not currently support erasing secrets from memory. I wish it did.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q2: Are future languages planned?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A2: Yes. I plan to integrate the following languages:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - WASM: This will allow for small, portable Noise Handshake Pattern modules to be usable within web applications. Go supports native compilation to WASM, so I predict that this WASM code generation will be supported soon and with minimal fuss.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Rust: The impressively strong type system of Rust will allow us to reason more about the properties and constraints of certain components of a Noise Handshake Pattern, such as for example the one-time usage of ephemeral keys. These type checks, which may be onerous to write by hand, will be good to generate automatically using Noise Explorer.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - F*: Same as Rust, but even more checks as well as proofs on algebraic matters using Z3.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q3: Can I help integrate my own language?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A3: You should be able to but you'll need to do some tinkering. Noise Explorer does indeed use a modular, template-based framework, but despite my attempts to clean it up as much as possible it's still fairly opinionated and sometimes arbitrary. You can try, and you will likely succeed, but you will need to decipher the templates yourself. Happily, it's not very hard to do so.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q4: Can I use these generated implementations in production today?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A4: It appears to me that there likely exists no serious problems in today's generated Go code. I would advise to test them out first, however, and perhaps read the code closely, at least for the first couple of weeks. I have tested the generated code locally for only a few days so far. It does seem to pass the test vectors provided by Cacophony [2] but I am still working on more tests, with the assistance of an undergraduate student who has expressed interest in writing a full test suite for Noise Explorer-generated implementations. So: yes, my code looks good, but no, it's only existed for a few days and I don't know whether I can just tell you to roll it out inside your mission-critical flying ambulance airplane without first reading the generated code yourself.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q5: Will these implementations be updated to support Revision 35, 36, etc. of the Noise Protocol Framework?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q5: Yes.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q6: I noticed that I am constrained by these generated implementations to a single cipher suite. Why is that?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A6: This is for no good reason. I will soon support specifying your own cipher suites. Right now, you are constrained only to 25519_ChaChaPoly_BLAKE2s. I chose this cipher suite because:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - It uses very nice primitives across the board.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - It is used by WireGuard.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q7: Any other future plans for Noise Explorer?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A7: No. The only things I have on my plate are what was listed above:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - WASM, Rust and F* support.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - More comprehensive automated test suites for generated implementations.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Cipher suite support.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> - Keep everything up to spec with upcoming official revisions to the Noise Protocol Framework.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>All of the above points are tracked on GitHub: <a href="https://github.com/SymbolicSoft/noiseexplorer/issues" target="_blank">https://github.com/SymbolicSoft/noiseexplorer/issues</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I hope Noise Explorer will continue to be useful to the world!<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>References:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>[0] <a href="https://www.youtube.com/watch?v=ZrcdDJhbPKQ" target="_blank">https://www.youtube.com/watch?v=ZrcdDJhbPKQ</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>[1] <a href="https://golang.org" target="_blank">https://golang.org</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>[2] <a href="http://hackage.haskell.org/package/cacophony" target="_blank">http://hackage.haskell.org/package/cacophony</a><br clear=all><o:p></o:p></p><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Nadim Kobeissi<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Symbolic Software <span style='font-size:12.0pt;color:#545454'>• <a href="https://symbolic.software" target="_blank">https://symbolic.software</a></span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:12.0pt;color:#545454'>Sent from office</span><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></blockquote></div></div></div></blockquote></div></div></body></html>