[noise] MAC'ing recipient public key

Trevor Perrin trevp at trevp.net
Sun Jul 13 22:48:47 PDT 2014

On Sun, Jul 13, 2014 at 10:08 PM, Trevor Perrin <trevp at trevp.net> wrote:
> Another change:
> The recipient pubkey is included in the additional authenticated data
> for both box MACs.  This ensures that if the sender can decrypt a box,
> it must have been encrypted to the sender's pubkey.

I meant: if the _recipient can decrypt... it must have been encrypted
to the _recipient's_ pubkey.

>  While this can
> also be accomplished by taking care with the ECDH, I think it's
> simpler to just include the recipient's key into the mac.
> Also, I changed the order of arguments to ENCRYPT() to match
> noise_body(), so authtext is always listed last.
> https://github.com/trevp/noise/wiki/Boxes/_compare/02d72d5037ec2d83cb4342ea2b6f3a910d122412...51707f5223dbbeac09d64ec4c5a473b7be09ae34
> Trevor

More information about the Noise mailing list