[noise] Channel-bound keys
Trevor Perrin
trevp at trevp.net
Tue Mar 14 15:23:53 PDT 2017
On Mon, Mar 13, 2017 at 2:44 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
> So I added a notion of a "channel-binding value" based on some
> "channel-binding label", cbv = HASH(h || label). You can think of
> this as an additional MixHash step which gives you a specialized
> channel-binding value for different uses.
>
> https://github.com/noiseprotocol/noise_spec/blob/rev32/noise.md
> https://github.com/noiseprotocol/noise_spec/blob/rev32/output/noise.pdf
I tweaked the text:
* It's now clearer that libraries shouldn't export the raw handshake
hash, they should only provide access to channel-binding values based
on application-chosen labels
* changed cbv = HASH(h || label) to cbv = HMAC-HASH(h, label) to
prevent length-extension. It's unlikely that would matter, but since
we can't control how applications use cbv's, we should probably make
this as safe as possible.
Trevor
More information about the Noise
mailing list