[noise] Revision 32 draft (march 30)

Rhys Weatherley rhys.weatherley at gmail.com
Sat Apr 1 14:43:28 PDT 2017


Sorry about the partial message.  Darn email client.

On Fri, Mar 31, 2017 at 11:40 AM, Trevor Perrin <trevp at trevp.net> wrote:

>  * Rekey capability:
>    - Encryption with MAXNONCE is used to rekey by default, though we
> allow definition of a more specialized rekey for ciphers like
> AESGCM-SIV where we'd rather use the cipher key directly with AES,
> instead of going through the whole key-derivation / SIV process.
>    - Up to application if/when/how to use this.
>    - Would still like to analyze more, but this is probably good [1].
>

REKEY() looks good.  The only nitpick I have is with "returns a new 32-byte
cipher key".  I think in the next revision we should consider adding KEYLEN
and MACLEN constants to the Noise specification.  Right now it is
hard-wired for 256-bit keys and 128-bit MAC's, but that assumption may not
hold forever.  Consider:

Noise_XX_448_Threefish512EAX_BLAKE2b

That is, 512-bit Threefish in EAX mode.  KEYLEN = MACLEN = 64 (MACLEN may
be truncated, but not necessarily only to 16).

Eventually we'll have to think about larger key and MAC sizes.  Then
REKEY() becomes "returns a new KEYLEN-byte cipher key".

That's all I have for now - the other changed sections look A-OK.

Cheers,

Rhys.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20170402/046f8a63/attachment.html>


More information about the Noise mailing list