[noise] NoiseSocket revision 1

Trevor Perrin trevp at trevp.net
Sat Jul 29 10:46:09 PDT 2017

Hi folks,

Alexey and I have a NoiseSocket revision 1 spec, take a look:


(Also published on the website.)

I tentatively think this is a good design:
 * Doesn't need changes to the Noise core.
 * Supports negotiating patterns, DH, symmetric crypto, and 0-RTT fallback.
 * Simple model where the initiator chooses an "initial" Noise
protocol and advertises alternatives, and the responder has the option
of changing.

This isn't yet a high-level / simple protocol, however.  So the next
step would be writing higher-layer specs that define contents for the

For example, I'd like to try a string-based syntax that could be
translated easily into protobufs, JSON, XML, etc, allowing
conversations like:


initial_protocol = "Noise_IK_25519_ChaChaPoly_BLAKE2s"
other_patterns = {"XX", "NX", "XX+hfs", "NX+hfs"}
other_asymmetric = {"448", "25519+Kyber", "448+Kyber"}
other_cipher = {"AESGCM"}
other_hash = {"SHA256", "SHA512", "BLAKE2b"}


fallback_protocol = "Noise_XX+hfs+fallback_448+Kyber_AESGCM_SHA512"

But there's other approaches we could experiment with, e.g.
 - Simple version numbers
 - More efficient binary encoding with number registries
 - Mirroring other protocols (e.g. TLS, IPsec, SSH etc) to use their
number registries and see if we can replicate their functionality

Anyways, would be great to get feedback on this spec, as well as start
thinking about how to build on it.


More information about the Noise mailing list