[noise] Extra key derivation - use cases, mechanisms

alex at centromere.net alex at centromere.net
Thu Jan 19 07:01:27 PST 2017


On 2017-01-19 05:49, Trevor Perrin wrote:
> We've had a few discussions about deriving extra keys for various
> uses.  I'll try to collect the use cases and some options:
> 
> Use cases for extra keys
> -------------------------
> 
> (1) REKEY:  During the transport phase, the application might want to
> replace an old k with new k such that compromise of new k doesn't
> compromise old k.
> 

Could this legitimately be called "forward secrecy"?

If the adversary compromises the first/oldest k, you're completely SOL,
right?

> (2) PSK for renegotiation/resumption:  A key derived from an old
> session could be used as PSK in a new handshake either contained
> within the original session (renegotiation) or some time later
> (resumption).
> 

What exactly is the difference between renegotiation and resumption?

Does the former require one or more DH operations while the latter
requires zero?


More information about the Noise mailing list