[noise] Revision 20
Trevor Perrin
trevp at trevp.net
Mon Feb 1 16:18:22 PST 2016
People weren't "getting" the spec, so I did a lot of rewriting and
restructuring, and added more info. Would appreciate feedback:
https://github.com/trevp/noise/blob/master/noise.md
Changes:
* Rewrote much of the Overview and early sections to be friendlier,
introduce concepts with more explanation and de-emphasize the
"object-oriented" pseudocode.
* Separated PSK logic into a separate section (6). I think it's
easier to explain on it's own, without complicating the rest of the
logic.
* Added security properties sections (7.4, 7.5) to analyze the
handshakes. Those were tricky, could use review.
No substantive changes to existing patterns, but a few things are close:
* Pattern validity rules are clarified
* Removed the _E patterns. Semi-ephemeral keys are a lot to
introduce, because they have different lifetimes than the "normal"
ephemeral keys. Also, you might want them signed, and we don't have
signatures yet. So I left them out, for now.
* Added a Noise_XR pattern corresponding to SIGMA-R, where the
initiator reveals their identity first. In talking to people about
key agreements like SIGMA, I realized this was a gap in our coverage.
* Added a notion of "null" public keys. This just acknowledges that
with current DH functions, a zeros input produces zeros output. This
is useful for using dummy public with patterns like Noise_XX, see 8.1.
Trevor
More information about the Noise
mailing list