[noise] [EXT] Re: Multi party psk

Jason A. Donenfeld Jason at zx2c4.com
Thu Jun 8 16:02:12 PDT 2017

> Or, the new handshake
> might just do an unauthenticated Noise_NN to get forward-secrecy for
> the new session, but rely on the PSK to extend the earlier session's
> authentication.

I always wondered about doing something like Noise_NNpsk0 as a
replacement for the various PAKEs. You expand the password into a
proper shared secret, which you then set as the PSK. The PSK would
then act as both an authenticator and as some poorman's PQ, while the
dhee would provide forward secrecy. Though, perhaps this doesn't have
all the same properties as a proper PAKE?

More information about the Noise mailing list