[noise] Revision 32 draft (march 30)
Rhys Weatherley
rhys.weatherley at gmail.com
Sat Apr 1 14:43:28 PDT 2017
Sorry about the partial message. Darn email client.
On Fri, Mar 31, 2017 at 11:40 AM, Trevor Perrin <trevp at trevp.net> wrote:
> * Rekey capability:
> - Encryption with MAXNONCE is used to rekey by default, though we
> allow definition of a more specialized rekey for ciphers like
> AESGCM-SIV where we'd rather use the cipher key directly with AES,
> instead of going through the whole key-derivation / SIV process.
> - Up to application if/when/how to use this.
> - Would still like to analyze more, but this is probably good [1].
>
REKEY() looks good. The only nitpick I have is with "returns a new 32-byte
cipher key". I think in the next revision we should consider adding KEYLEN
and MACLEN constants to the Noise specification. Right now it is
hard-wired for 256-bit keys and 128-bit MAC's, but that assumption may not
hold forever. Consider:
Noise_XX_448_Threefish512EAX_BLAKE2b
That is, 512-bit Threefish in EAX mode. KEYLEN = MACLEN = 64 (MACLEN may
be truncated, but not necessarily only to 16).
Eventually we'll have to think about larger key and MAC sizes. Then
REKEY() becomes "returns a new KEYLEN-byte cipher key".
That's all I have for now - the other changed sections look A-OK.
Cheers,
Rhys.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20170402/046f8a63/attachment.html>
More information about the Noise
mailing list