[noise] Hybrid Forward Secrecy, version 1draft-3
Trevor Perrin
trevp at trevp.net
Sat Oct 8 13:55:42 PDT 2016
On Fri, Oct 7, 2016 at 4:25 PM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> I have updated the hfs and New Hope extensions. The main changes are:
>
> - Use the token naming conventions from revision 31 of the Noise
> specification.
> - Replace the "f, g, fg" token set with "f, ff".
>
> https://github.com/rweather/noise_spec/blob/forward_secrecy/extensions/ext_hybrid_forward_secrecy.md
> https://github.com/rweather/noise_spec/blob/forward_secrecy/extensions/ext_newhope.md
Looks roughly right, definitely worth a close read and trial
implementation. Quick comments:
* It's not immediately obvious that "r" could be empty in
GENERATE_KEYPAIR_F, until you read further. Also - should it be "rf"?
* In ReadMessage(), formatting is off.
* Do we want to allow re-use of the "f" value? I was leaning away
from that, but not sure.
* Are bullets 2 and 5 in "Pattern Validity" necessary?
* The "Future Directions" stuff needs more work, of course.
> In the same forked branch I have also created a machine-readable pattern
> dictionary for all of the patterns in the Noise specification and the hfs
> extension:
>
> https://github.com/rweather/noise_spec/tree/forward_secrecy/patterns
>
> I'm working on some Python scripts to process this format, for help in
> analysing patterns
Cool, look forward to that, if we could automatically double-check the
security properties, that would be a big step forward.
Trevor
More information about the Noise
mailing list