[noise] Extra Symmetric Key
Alex
alex at centromere.net
Sat May 14 09:29:02 PDT 2016
On Thu, 12 May 2016 11:35:14 -0700
Trevor Perrin <trevp at trevp.net> wrote:
> The idea is simple, and similar to other proposals for "PQFS"
> (post-quantum forward secrecy): run a post-quantum exchange in
> parallel with a regular AKE, and then hash the keys together at the
> end. This means that if an attacker is recording traffic now, and
> later figures out how to break the DH keys, they can't go back and
> decrypt old traffic. But we don't have to worry about the PQ
> algorithm weakening things, if we do key derivation correctly.
>
> Thoughts?
>
What if your chosen PQ handshake requires more round-trips than your
chosen Noise handshake provides?
--
Alex
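The "hash the keys together at the end" step from the quoted proposal, as an added example that is not part of the original message or of any Noise code: the classical DH output and the post-quantum shared secret are fed one after the other into a chained HKDF, so the session key stays unknown to anyone who recovers only one of the two. The HMAC-SHA256 chaining, the function names, the protocol label and the fixed secrets are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Tuple


def hkdf2(chaining_key: bytes, ikm: bytes) -> Tuple[bytes, bytes]:
    """RFC 5869 HKDF-SHA256 with salt=chaining_key and empty info, two 32-byte outputs."""
    prk = hmac.new(chaining_key, ikm, hashlib.sha256).digest()
    out1 = hmac.new(prk, b"\x01", hashlib.sha256).digest()
    out2 = hmac.new(prk, out1 + b"\x02", hashlib.sha256).digest()
    return out1, out2


def derive_session_key(label: bytes, dh_secret: bytes, pq_secret: bytes) -> bytes:
    """Mix both shared secrets into one chaining key, then output the session key."""
    if not dh_secret or not pq_secret:
        # Refuse to fall back silently to a single-secret key.
        raise ValueError("both the DH and the PQ shared secret are required")
    ck = hashlib.sha256(label).digest()      # chaining key starts from a fixed label
    ck, _ = hkdf2(ck, dh_secret)             # absorb the classical DH output
    _, key = hkdf2(ck, pq_secret)            # absorb the post-quantum secret
    return key


# Constructed sample secrets; a real handshake would take these from the
# DH computation and from the PQ key exchange respectively.
LABEL = b"example-hybrid-handshake"          # hypothetical protocol label
DH_SECRET = bytes(range(32))
PQ_SECRET = bytes(range(32, 64))


def attacker_view_differs() -> bool:
    """An attacker who later learns DH_SECRET but must guess the PQ secret gets another key."""
    real = derive_session_key(LABEL, DH_SECRET, PQ_SECRET)
    guess = derive_session_key(LABEL, DH_SECRET, b"\x00" * 32)
    return not hmac.compare_digest(real, guess)


if __name__ == "__main__":
    print("session key:", derive_session_key(LABEL, DH_SECRET, PQ_SECRET).hex())
    print("key differs without PQ secret:", attacker_view_differs())
```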