Explicit nonces (for lossy transports)

Naveen Nathan naveen at lastninja.net
Mon Jun 19 08:01:50 PDT 2017

On Thu, Jun 15, 2017 at 06:15:27PM +0000, Trevor Perrin wrote:
> Yeah, I think we're all agreed that mechanisms for lost / out-of-order
> messages don't belong in the Noise crypto spec but in a layer above it
> (like WireGuard, or like the "Simple 0-RTT Protocol" Alexey and I are
> discussing).

I think we're overlooking the possibility where Noise supplants
the existing symmetric ciphers for AES-GCM-SIV and the potential
candidates from the CAESAR[1] competition. This would effectively
allow Noise to eliminate the nonce requirement, further simplify
the spec, and not require messy workarounds to get Noise to operate
over sequential or non-sequential transports.

[1] https://competitions.cr.yp.to/caesar.html

