[noise] Pattern validity questions

Alex alex at centromere.net
Sun May 14 13:36:09 PDT 2017


On Sun, 14 May 2017 20:11:53 +0000
Trevor Perrin <trevp at trevp.net> wrote:

> On Sun, May 14, 2017 at 8:06 PM, Alex <alex at centromere.net> wrote:
> >
> > Noise_IK(s, rs):
> >    <- s
> >    ...  
> >    -> e, es, s, ss  
> >    <- e, ee, se
> >
> > it is valid for the initiator to send encrypted data in the payload
> > of its first Noise message, *only* because of the presence of the
> > `es` token, correct? In other words, had that token not been there,
> > it would be an invalid pattern?  
> 
> Right - without the es, the static key derived from ss would be used
> repeatedly for encryption, without randomization, which is
> catastrophic for security.
> 

Great, thanks for clarifying.

-- 
Alex


More information about the Noise mailing list