[noise] Hybrid Forward Secrecy, version 1draft-2
Trevor Perrin
trevp at trevp.net
Tue Sep 27 17:11:52 PDT 2016
On Tue, Sep 27, 2016 at 2:09 AM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> On Tue, Sep 27, 2016 at 6:46 PM, Trevor Perrin <trevp at trevp.net> wrote:
>>
>> * If we change the existing notation so that "es" or "se" indicate
>> the initiator's value by the first character, then it may make sense
>> to allow "fg" and "gf" tokens that follow the same rule.
>>
>> * It's awkward to use f and rf for the state variables that match
>> both "f" and "g" tokens. I would think there should be g and rg
>> variables, so that this is handled consistently with s and e.
>
>
> Both of these were less awkward when it was just "f" and "dhff". :-)
Hmm, that's probably true.
> I've been working on the implementation for Noise-C (not pushed yet due to a
> bug in my test vector generator). Right now the code does this:
>
> case NOISE_TOKEN_F:
> case NOISE_TOKEN_G:
> if (token == NOISE_TOKEN_F)
> set-kex-object-into-alice-mode;
> else
> set-kex-object-into-bob-mode;
> ... rest of the code is the same for both ...
> break;
>
> So I'm not sure anything is really gained by separating "f" into "f" and
> "g".
[...]
> This design may be a quirk of how I've implemented Noise-C though. I'm keen
> for someone else to try implementing New Hope in Noise to see what other
> code shapes arise.
You could be right, I'll think about this more, and try some coding.
Trevor
More information about the Noise
mailing list