[noise] [EXT] Re: [EXT] Re: Multi party psk

Trevor Perrin trevp at trevp.net
Sat Jun 10 15:00:42 PDT 2017

On Thu, Jun 8, 2017 at 4:22 PM, Jonathan Moore <jmoore at spideroak-inc.com> wrote:
> I think something else that would make the spec easier to understand is to
> state explicitly that the randomization of symmetric crypto depends on using a
> random ephemeral asymmetric key for setup. This is implied in many places
> but the exact relationship between the symmetric encryption randomization
> and the ephemeral key is not explicitly called out early in the spec.

It's discussed in 7.1 and some rationale is in 15.3.  I'm not totally
sure where it would fit earlier.  Maybe 2.2. somewhere?

> In my, probably naive, reading this concept and the state chaining are the
> two core ideas in the crypto for Noise.

I agree that the state chaining is a core idea, and I would say so is
the pattern language, and the heavy use of DH.

Using one-time ephemerals for randomization I view as a less-important
design decision (we could've easily added a random nonce, it's just
not necessary, makes messages larger, and would tempt people into
ephemeral reuse).


