[noise] Boiled down noise implementation spec

Jason A. Donenfeld Jason at zx2c4.com
Mon Aug 31 15:41:55 PDT 2015


On Aug 31, 2015 3:55 PM, "Trevor Perrin" <trevp at trevp.net> wrote:
>
> On Mon, Aug 31, 2015 at 9:38 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> > Nonces for transport messages begin at 1, not at 0! This is because I take
> > advantage of x86 primitives for "increment and return" as an atomic
> > operation, so I don't need locks for preventing nonce-reuse.
>
> Why are 1-based nonces better than 0-based nonces, on x86?

It just allows me to initialize the nonce at zero, and then when
encrypting, call "increment and return" as opposed to "return and
increment". There are various "programming things" that can work around
this, but it makes the code marginally less obvious and clear cut. So, I'm
opting for the atomic "increment and return" plus straightforwardness of
the code, rather than zero-based nonces.
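
The lock-free nonce allocation described in the reply above, as an added example that is not part of the original post or of the author's code. C11 atomics and pthreads stand in for the primitive the post refers to (an assumption, since the post names no API), and `send_counter`, `next_nonce` and `count_violations` are hypothetical names.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define THREADS 4
#define PER_THREAD 10000
#define TOTAL (THREADS * PER_THREAD)
/* Shared send counter (hypothetical name); starts at zero, so the first nonce is 1. */
static _Atomic uint64_t send_counter;
/* seen[n] = how often nonce n was issued; used only to check the result. */
static _Atomic unsigned char seen[TOTAL + 1];

/* "Increment and return" as one atomic read-modify-write, no lock: fetch_add
 * yields the previous value, so +1 is the value this caller just claimed. */
static uint64_t next_nonce(void)
{
    return atomic_fetch_add_explicit(&send_counter, 1, memory_order_relaxed) + 1;
}

static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < PER_THREAD; i++) {
        uint64_t n = next_nonce();
        if (n <= TOTAL)
            atomic_fetch_add(&seen[n], 1);
    }
    return NULL;
}

/* Runs THREADS concurrent senders from a zeroed counter; returns how many values
 * were issued wrongly (0 at all, or 1..TOTAL not exactly once), -1 on thread error. */
static int count_violations(void)
{
    pthread_t t[THREADS];
    int started = 0, bad = 0;
    atomic_store(&send_counter, 0);
    for (int n = 0; n <= TOTAL; n++)
        atomic_store(&seen[n], 0);
    while (started < THREADS && pthread_create(&t[started], NULL, worker, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    for (int n = 0; n <= TOTAL; n++)
        bad += atomic_load(&seen[n]) != (n == 0 ? 0 : 1);
    return started == THREADS ? bad : -1;
}

int main(void) { printf("violations: %d\n", count_violations()); return 0; }
```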