[noise] Noise Explorer

Trevor Perrin trevp at trevp.net
Thu May 24 09:10:11 PDT 2018


On Thu, May 24, 2018 at 12:05 PM, Nadim Kobeissi
<nadim at symbolic.software> wrote:
> Hello everyone,
> I've been following up on all of these discussions very closely, but have
> not said anything because I've been working furiously on getting all the
> formal results for all 22 deferred patterns *with* two "tokenless" messages
> out. I'm afraid that with the addition of two "tokenless" messages to every
> single model, the cost of verification increases dramatically. Things are
> still going to take quite a long time -- I wish we weren't nearing June, at
> least I'd have a use for the free radiators I now have in my apartment due
> to this -- quite a lot of finely tuned dedicated hardware is now dealing
> with the formal verification load.
>
> An important clarification: Trevor says the following:
>> Thinking more on rev34, it would probably be irresponsible to publish
>> *without* security tables for all the deferred patterns...  So I'd
>> love to work out how to get your output processed into some tables
>> like the current ones (or possibly changed around a bit, depending on
>> that discussion).  Or really: for you to work that out, so I could
>> just copy-and-paste :-)....
>
> Trevor, the security tables for 20 of the deferred patterns are already
> available on Noise Explorer's website. They simply do not include the
> "tokenless" messages. Just a note in the event that you missed that. :-)
>
> Regarding the discussions on security properties, I'm personally currently
> satisfied with the recognition that any deferred pattern that opens up a
> potential UKS attack will simply never qualify towards authenticity grades
> 3 and 4 (as defined by Noise Explorer) and will always be restricted to a
> maximum of 1 or 2 (as defined by Noise Explorer, see my previous email
> where I list a "very quick summary" of the additions to the authenticity
> properties.)

Hmm, the way I think about it, no patterns should ever open up a
potential UKS attack?  Also, the deferred patterns should end up with
the same properties as their corresponding fundamental pattern, since
they perform the same operations.

Looking more closely at your numeric grades, I think your two new
authentication grade numbers just correspond to the Noise
authentication grades 0-2, except you use 2 new numbers based on the
confidentiality grade it's being paired with:

("NE" for Noise Explorer):

NE 0 -> spec(0, 0-2)
NE 1 -> spec(1, 0-2)
NE 2 -> spec(2, 0-2)
NE 3 -> spec(1, 3-5)
NE 4 -> spec(2, 3-5)

In other words, I don't think these new NE grades encode new
information.  So I'm not yet convinced they improve things versus the
Noise spec's system, seems like we could map your 3->1, and your 4->2,
and bring things into alignment?

Trevor


More information about the Noise mailing list