[noise] Notes and nits

Trevor Perrin trevp at trevp.net
Mon Jun 29 20:43:06 PDT 2015


On Mon, Jun 29, 2015 at 4:47 PM, Michael Hamburg <mike at shiftleft.org> wrote:
> Hi Trevor,
>
> I haven’t made a thorough pass through your spec yet, but I’m a little concerned by
> your use of KDF(GETKEY(k,n),input) as a key update mechanism.  My concern is
> that GETKEY(k,n) calls ENCRYPT, which is counter mode, so that it is exposed if
> the other party encrypts anything with k,n.

I'll think about this, but I think any sort of keystream reuse is
catastrophic, whether it involves the KDF or just sending overlapping
plaintext messages.

So this sounds like a security consideration about being careful with
protocols, but I'm not sure anything more is needed?

Trevor
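
The concern discussed in this thread, worked through as an added example that is not part of the original posts or of the Noise spec. It assumes GETKEY(k,n) encrypts len(k) zero bytes with ENCRYPT, uses HMAC-SHA256 as a stand-in for both the counter-mode cipher and the KDF, and all keys, nonces and messages are constructed.

```python
import hashlib
import hmac

def keystream(k: bytes, n: int, length: int) -> bytes:
    """Stand-in counter-mode keystream: HMAC-SHA256(k, nonce || block counter)."""
    out, ctr = b"", 0
    while len(out) < length:
        block_id = n.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(k, block_id, hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(k: bytes, n: int, plaintext: bytes) -> bytes:
    """Counter mode: plaintext XOR keystream(k, n). Authentication tag omitted."""
    return xor(plaintext, keystream(k, n, len(plaintext)))

def getkey(k: bytes, n: int) -> bytes:
    """Assumed GETKEY: ENCRYPT of len(k) zero bytes, i.e. the raw keystream prefix."""
    return encrypt(k, n, bytes(len(k)))

def kdf(secret: bytes, data: bytes) -> bytes:
    """Stand-in KDF (hypothetical, not the spec's KDF)."""
    return hmac.new(secret, data, hashlib.sha256).digest()

def observer_guess(ciphertext: bytes, known_plaintext: bytes, kdf_input: bytes,
                   key_len: int = 32) -> bytes:
    """Key an observer derives from one ciphertext whose first key_len plaintext
    bytes are known, assuming it was encrypted under the same (k, n) as GETKEY."""
    leaked = xor(ciphertext[:key_len], known_plaintext[:key_len])
    return kdf(leaked, kdf_input)

def demo() -> tuple:
    k, n = bytes(range(32)), 7                       # constructed key and nonce
    kdf_input = b"constructed public handshake input"
    msg = b"constructed, predictable message header and body ..."
    updated = kdf(getkey(k, n), kdf_input)           # KDF(GETKEY(k,n), input)
    # Peer encrypts under the same (k, n): the updated key is exposed.
    reused = observer_guess(encrypt(k, n, msg), msg, kdf_input) == updated
    # Peer uses a nonce GETKEY never uses: the same observation yields nothing.
    distinct = observer_guess(encrypt(k, n + 1, msg), msg, kdf_input) == updated
    return reused, distinct

if __name__ == "__main__":
    print(demo())
```

The check that matters for a protocol design is the second case: every (k, n) pair passed to GETKEY must never also be used to encrypt a message in either direction.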

