[noise] Clever UDP Keying
Michael Hamburg
mike at shiftleft.org
Mon Aug 3 17:17:58 PDT 2015
You could use an Axolotl-style ratchet. You have a “spine” key which you hash after every packet to obtain both a new spine key and a packet key. Every packet is numbered or otherwise identified clearly with a packet key. The recipient has to save the skipped-over packet keys until it knows that it will ignore that packet.
— Mike
> On Aug 3, 2015, at 5:00 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> Hi folks,
>
> With TCP, you can rekey after every packet if you want, because
> delivery is guaranteed. Horrah!
>
> With UDP, we don't have the same luxury. Packets even come out of
> order. The best "obvious" solution is to rekey based on a timer.
>
> The noise spec now relaxes the rekeying requirement to allow for
> UDP-based usage, which is nice.
>
> I'm wondering if anybody has any ideas of how to do something similar
> to "rekeying after every packet" without reinventing some half-assed
> TCP variant (adding ACK messages, etc), where the key mutates. That is
> to say - is there some way in which packets coming out of order, or
> not being delivered at all, can mutate a symmetric key in a useful
> way? Has there been much research into interesting crypto systems that
> would have this nice property? Anyone know of any papers I could read?
>
> Thanks,
> Jason
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise
More information about the Noise
mailing list