[noise] NoiseSocket revision 1

Alexey Ermishkin scratch.net at gmail.com
Wed Aug 2 12:38:39 PDT 2017

Hello everyone!
A couple of thoughts after DEF CON and publishing an article in Russian on habr.ru:

1) Those who understand what this is are very excited and welcomed Noise very warmly
2) People want IoT and, surprisingly, JS demos. IoT is on us, JS.....
3) I had one question regarding increasing maximum transport packet size to megabytes instead of 64k.  For datacenter/highload guys. Interesting!
4) We know guys who are going to implement all needed Noise primitives (25519, chacha, blake) in SILICON. Which is a huge step towards making NoiseSocket a standard IoT protocol
5) An NGINX module running NoiseSocket is also a huge win. It's just a PoC for now, but we see a big future for it. It was also a huge pain in the ass to implement

So, it looks like we did a good job and are definitely moving in the right direction.

-----Original Message-----
From: Noise [mailto:noise-bounces at moderncrypto.org] On Behalf Of Trevor Perrin
Sent: Saturday, July 29, 2017 10:46 PM
To: noise <noise at moderncrypto.org>
Subject: [noise] NoiseSocket revision 1

Hi folks,

Alexey and I have a NoiseSocket revision 1 spec, take a look:


(Also published on the website.)

I tentatively think this is a good design:
 * Doesn't need changes to the Noise core.
 * Supports negotiating patterns, DH, symmetric crypto, and 0-RTT fallback.
 * Simple model where the initiator chooses an "initial" Noise protocol and advertises alternatives, and the responder has the option of changing.

This isn't yet a high-level / simple protocol, however.  So the next step would be writing higher-layer specs that define contents for the negotiation_data.

For example, I'd like to try a string-based syntax that could be translated easily into protobufs, JSON, XML, etc, allowing conversations like:


initial_protocol = "Noise_IK_25519_ChaChaPoly_BLAKE2s"
other_patterns = {"XX", "NX", "XX+hfs", "NX+hfs"}
other_asymmetric = {"448", "25519+Kyber", "448+Kyber"}
other_cipher = {"AESGCM"}
other_hash = {"SHA256", "SHA512", "BLAKE2b"}


fallback_protocol = "Noise_XX+hfs+fallback_448+Kyber_AESGCM_SHA512"

But there's other approaches we could experiment with, e.g.
 - Simple version numbers
 - More efficient binary encoding with number registries
 - Mirroring other protocols (e.g. TLS, IPsec, SSH etc) to use their number registries and see if we can replicate their functionality

Anyways, would be great to get feedback on this spec, as well as start thinking about how to build on it.
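
The string syntax sketched in the quoted message lends itself to an initiator-side check that a responder's fallback_protocol only uses components the initiator advertised. This is an added example, not part of either email or of the NoiseSocket spec; the acceptance rule and the names `parse_name`, `offered_sets` and `check_fallback` are assumptions.

```python
from typing import NamedTuple

class NoiseName(NamedTuple):
    pattern: str   # base pattern plus "+"-joined modifiers, e.g. "XX+hfs"
    dh: str        # e.g. "448+Kyber"
    cipher: str
    hash_fn: str

def parse_name(name: str) -> NoiseName:
    """Split 'Noise_<pattern>_<dh>_<cipher>_<hash>' into its four fields."""
    parts = name.split("_")
    if len(parts) != 5 or parts[0] != "Noise" or not all(parts[1:]):
        raise ValueError(f"malformed Noise protocol name: {name!r}")
    return NoiseName(*parts[1:])

def offered_sets(offer: dict) -> dict:
    """Union the initial protocol's components with the advertised alternatives."""
    init = parse_name(offer["initial_protocol"])
    return {
        "pattern": {init.pattern, *offer.get("other_patterns", ())},
        "dh": {init.dh, *offer.get("other_asymmetric", ())},
        "cipher": {init.cipher, *offer.get("other_cipher", ())},
        "hash_fn": {init.hash_fn, *offer.get("other_hash", ())},
    }

def check_fallback(offer: dict, fallback_protocol: str) -> NoiseName:
    """Assumed rule: reject a responder choice built from anything not offered."""
    chosen = parse_name(fallback_protocol)
    # In the email's sample the responder appends "+fallback" to an offered pattern.
    if not chosen.pattern.endswith("+fallback"):
        raise ValueError("fallback_protocol pattern lacks the +fallback modifier")
    base = chosen.pattern[: -len("+fallback")]
    allowed = offered_sets(offer)
    for field, value in chosen._replace(pattern=base)._asdict().items():
        if value not in allowed[field]:
            raise ValueError(f"{field} {value!r} was not offered by the initiator")
    return chosen

# The initiator's offer, using the values quoted in the message above.
OFFER = {
    "initial_protocol": "Noise_IK_25519_ChaChaPoly_BLAKE2s",
    "other_patterns": {"XX", "NX", "XX+hfs", "NX+hfs"},
    "other_asymmetric": {"448", "25519+Kyber", "448+Kyber"},
    "other_cipher": {"AESGCM"},
    "other_hash": {"SHA256", "SHA512", "BLAKE2b"},
}
```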
