[noise] Extra Symmetric Key

Alex alex at centromere.net
Sat May 14 09:29:02 PDT 2016

On Thu, 12 May 2016 11:35:14 -0700
Trevor Perrin <trevp at trevp.net> wrote:

> The idea is simple, and similar to other proposals for "PQFS"
> (post-quantum forward secrecy): run a post-quantum exchange in
> parallel with a regular AKE, and then hash the keys together at the
> end.  This means that if an attacker is recording traffic now, and
> later figures out how to break the DH keys, they can't go back and
> decrypt old traffic.  But we don't have to worry about the PQ
> algorithm weakening things, if we do key derivation correctly.
> Thoughts?

What if your chosen PQ handshake requires more round-trips than your
chosen Noise handshake provides?
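The "hash the keys together" step from the quoted proposal, as an added example that is not part of either message and not the Noise project's own code. It assumes an HMAC-SHA256 HKDF chain in the style of Noise's chaining key; the function names, the label and the 32-byte secrets are constructed for illustration.

```python
import hashlib
import hmac

HASHLEN = 32  # SHA-256 output size


def hmac_sha256(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def hkdf2(chaining_key, ikm):
    """HKDF (RFC 5869) with empty info: extract, then expand to two outputs."""
    temp_key = hmac_sha256(chaining_key, ikm)
    out1 = hmac_sha256(temp_key, b"\x01")
    out2 = hmac_sha256(temp_key, out1 + b"\x02")
    return out1, out2


def combine_secrets(label, dh_secrets, pq_secret):
    """Chain every DH output and then the PQ secret into one chaining key.

    Returns two 32-byte transport keys. Each input is mixed through HKDF
    keyed by the previous chaining key, so the keys depend on all inputs.
    """
    for s in list(dh_secrets) + [pq_secret]:
        if len(s) != HASHLEN:
            raise ValueError("each shared secret must be 32 bytes")
    ck = hashlib.sha256(label).digest()  # initial chaining key (assumption)
    for s in dh_secrets:
        ck, _ = hkdf2(ck, s)
    ck, _ = hkdf2(ck, pq_secret)
    return hkdf2(ck, b"")


# Constructed sample values, not real key material.
LABEL = b"Example_HybridPQ_SHA256"
DH_SECRETS = [b"\x11" * 32, b"\x22" * 32]
PQ_SECRET = b"\x33" * 32

if __name__ == "__main__":
    k1, k2 = combine_secrets(LABEL, DH_SECRETS, PQ_SECRET)
    # Someone who later recovers the DH outputs but not the PQ secret
    # derives different keys from a wrong PQ guess.
    g1, _ = combine_secrets(LABEL, DH_SECRETS, b"\x00" * 32)
    print(k1.hex(), k2.hex(), k1 != g1)
```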

