[noise] Pre-shared Secret - preventing DoS, and ensuring post-quantum PFS
Jonathan Rudenberg
jonathan at titanous.com
Wed Nov 11 18:05:59 PST 2015
> On Nov 11, 2015, at 3:22 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> Hi Trevor,
>
> Hopefully it's not too late to discuss this...
>
> It occurred to me that Noise could benefit from having a pre-shared secret option, which could be in use by multiple peers at once.
I was looking at pre-shared keys with the specific constraint that I want to generate a minimum amount of key material once before the peers that are communicating exist.
The solution I came up with is this:
A single preshared key is given to the peers that are going to communicate. The peers exchange ephemeral public keys as pre-messages, and then initialize the HandshakeState with dhee and a prologue of MAC(psk, initiatorPubkey || receiverPubkey).
This seems to be a simple way to do a low-friction PSK that authenticates the client and the server. Any weaknesses that I’ve missed? (obviously it doesn’t address anything DoS-related and I’m not really familiar with post-quantum)
Jonathan
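To make the construction concrete, here is an added toy model (not code from the Noise project or from this thread) of the proposal: both peers already hold their ephemeral public keys as pre-messages, derive the prologue as HMAC(psk, initiatorPubkey || receiverPubkey), and then run a Noise-style SymmetricState through the dhee token. The DH group (a 127-bit Mersenne prime with generator 3), the protocol name string, and the HMAC stand-in for the AEAD tag are all constructed assumptions for illustration and are not secure parameters; the point is to show that a peer with the wrong PSK ends up with a different handshake hash and so fails the first authenticated message.

```python
"""Toy model of PSK-as-prologue over the Noise dhee token (constructed example).

Assumptions (not from the thread or the Noise spec):
  - a tiny, insecure DH group so the example runs with the standard library only;
  - an HMAC over (h || payload) standing in for the AEAD ENCRYPT(k, n, h, payload) call.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy DH modulus (Mersenne prime); illustration only, NOT secure
G = 3           # toy generator
PROTO = b"Noise_NN_toyDH_SHA256_pskprologue"  # hypothetical protocol name


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def gen_keypair():
    """Ephemeral keypair in the toy group; public key serialised as 16 big-endian bytes."""
    priv = secrets.randbelow(P - 2) + 1
    pub = pow(G, priv, P).to_bytes(16, "big")
    return priv, pub


def dh(priv: int, peer_pub: bytes) -> bytes:
    """Shared secret g^(ab) mod P, serialised like the public keys."""
    return pow(int.from_bytes(peer_pub, "big"), priv, P).to_bytes(16, "big")


def psk_prologue(psk: bytes, init_pub: bytes, resp_pub: bytes) -> bytes:
    """The proposal's prologue: MAC(psk, initiatorPubkey || receiverPubkey)."""
    return hmac256(psk, init_pub + resp_pub)


class SymmetricState:
    """Minimal Noise-like SymmetricState: h (handshake hash), ck (chaining key), k."""

    def __init__(self, protocol_name: bytes, prologue: bytes):
        # Noise rule: names up to 32 bytes are zero-padded, longer ones are hashed
        self.h = protocol_name.ljust(32, b"\0") if len(protocol_name) <= 32 else sha256(protocol_name)
        self.ck = self.h
        self.k = None
        self.mix_hash(prologue)  # prologue is bound into h only, never into ck

    def mix_hash(self, data: bytes) -> None:
        self.h = sha256(self.h + data)

    def mix_key(self, ikm: bytes) -> None:
        # HKDF with SHA-256 as in Noise: two outputs, ck and k
        temp = hmac256(self.ck, ikm)
        out1 = hmac256(temp, b"\x01")
        out2 = hmac256(temp, out1 + b"\x02")
        self.ck, self.k = out1, out2

    def tag(self, payload: bytes) -> bytes:
        # Stand-in for the AEAD: authenticate payload under k, bound to h as associated data
        return hmac256(self.k, self.h + payload)


def run_side(psk: bytes, my_priv: int, init_pub: bytes, resp_pub: bytes, peer_pub: bytes) -> SymmetricState:
    """One peer's view: pre-messages e, e already exchanged, then the dhee token."""
    ss = SymmetricState(PROTO, psk_prologue(psk, init_pub, resp_pub))
    ss.mix_hash(init_pub)  # pre-message: initiator's ephemeral
    ss.mix_hash(resp_pub)  # pre-message: responder's ephemeral
    ss.mix_key(dh(my_priv, peer_pub))  # dhee
    return ss


def handshake_succeeds(psk_initiator: bytes, psk_responder: bytes) -> bool:
    """True iff the responder accepts the initiator's first authenticated payload."""
    ipriv, ipub = gen_keypair()
    rpriv, rpub = gen_keypair()
    init = run_side(psk_initiator, ipriv, ipub, rpub, peer_pub=rpub)
    resp = run_side(psk_responder, rpriv, ipub, rpub, peer_pub=ipub)
    first_msg = b"hello"  # constructed handshake payload
    return hmac.compare_digest(init.tag(first_msg), resp.tag(first_msg))


if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    print("matching PSK:", handshake_succeeds(shared, shared))                      # True
    print("wrong PSK:   ", handshake_succeeds(shared, secrets.token_bytes(32)))   # False
```

Two design points are visible in the model. The prologue is mixed into h but never into ck, so in this construction the PSK authenticates the peers (a wrong PSK makes the first tag fail) but contributes nothing to key secrecy; confidentiality still rests entirely on the ephemeral DH. And because the prologue MAC covers both public keys in a fixed order, swapping roles or substituting one ephemeral key also changes h and fails the handshake.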