[noise] Pre-shared Secret - preventing DoS, and ensuring post-quantum PFS

Trevor Perrin trevp at trevp.net
Thu Nov 12 00:25:55 PST 2015


On Wed, Nov 11, 2015 at 6:05 PM, Jonathan Rudenberg
<jonathan at titanous.com> wrote:
>
> I was looking at pre-shared keys with the specific constraint that I want to generate a minimum amount of key material once before the peers that are communicating exist.
>
> The solution I came up with is this:
>
> A single preshared key is given to the peers that are going to communicate. The peers exchange ephemeral public keys as pre-messages, and then initialize the HandshakeState with dhee and a prologue of MAC(psk, initiatorPubkey || receiverPubkey).
>
> This seems to be a simple way to do a low-friction PSK that authenticates the client and the server. Any weaknesses that I’ve missed?

You're doing authentication with the PSK, but not encrypting with it.
I guess it's nice if we could get "maximum" value from a PSK by doing
both.

Trevor
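
Added example (not part of the original messages and not Noise project code): a simplified model of the handshake state showing what the prologue-MAC proposal binds the PSK to, next to an assumed variant that also mixes the PSK into the chaining key. The protocol name, key bytes, DH output and the `mix_psk_into_key` variant are constructed for illustration.

```python
import hashlib
import hmac

def hkdf2(ck, ikm):
    """HKDF with HMAC-SHA256: extract, then two expand blocks."""
    temp = hmac.new(ck, ikm, hashlib.sha256).digest()
    out1 = hmac.new(temp, b"\x01", hashlib.sha256).digest()
    out2 = hmac.new(temp, out1 + b"\x02", hashlib.sha256).digest()
    return out1, out2

def handshake(psk, e_i, e_r, dh_ee, mix_psk_into_key=False):
    """Return (h, k): transcript hash and cipher key after the ee step."""
    h = hashlib.sha256(b"constructed-protocol-name").digest()  # placeholder name
    ck = h
    # The proposal: prologue = MAC(psk, initiatorPubkey || receiverPubkey)
    prologue = hmac.new(psk, e_i + e_r, hashlib.sha256).digest()
    h = hashlib.sha256(h + prologue).digest()  # prologue only reaches h
    if mix_psk_into_key:
        ck, _ = hkdf2(ck, psk)  # assumed variant: PSK also feeds the key chain
    ck, k = hkdf2(ck, dh_ee)    # key derived from the ephemeral-ephemeral DH
    return h, k

# Constructed sample values (not real keys or DH outputs).
E_I = bytes(range(32))
E_R = bytes(range(32, 64))
DH_EE = hashlib.sha256(b"constructed dh output").digest()
PSK_REAL = b"\x11" * 32
PSK_OTHER = b"\x22" * 32

def compare(mix):
    """Does changing only the PSK change h (auth) and k (encryption)?"""
    h1, k1 = handshake(PSK_REAL, E_I, E_R, DH_EE, mix)
    h2, k2 = handshake(PSK_OTHER, E_I, E_R, DH_EE, mix)
    return {"h_depends_on_psk": h1 != h2, "k_depends_on_psk": k1 != k2}

if __name__ == "__main__":
    print("prologue MAC only:", compare(False))
    print("PSK mixed into ck:", compare(True))
```

In the prologue-only case the cipher key is a function of the DH output alone, so the PSK contributes to authentication through `h` but adds nothing to confidentiality if the DH is later broken; in the mixed variant the key also depends on the PSK.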

