[noise] Resumption PSKs
Trevor Perrin
trevp at trevp.net
Wed Jun 6 23:14:55 PDT 2018
On Wed, Jun 6, 2018 at 1:30 PM, David Wong <davidwong.crypto at gmail.com> wrote:
>> The issue is that the transport keys and these new "key chains" have
>> to be created at the same time, so that the value used to derive them
>> (the chaining key ck) can be deleted afterwards.
>
> I don't really like that Split() returns several values that will
> _most of the time_ not be useful to developers of protocols.
Split() would only return the values you ask for so hopefully most of
the time it won't be asked for unneeded key chains.
> I don't think these need to be created at the same time, you could
> iterate the chaining key one more time after Split() and keep that
> one. Then an export API could use this new chaining key to generate
> secrets.
If you want to defer creating specific key chains till after Split(),
then Split() would have to derive and hold onto a key it could use
later to derive the chains. Split() would have to do this without
knowing whether this key would be used.
So I'd argue that deriving the chains during Split() is more efficient
in terms of not generating and holding extra keys that might not be
used.
Trevor
More information about the Noise
mailing list