[noise] writing a Rust sans-IO Noise protocol
Trevor Perrin
trevp at trevp.net
Sun Jun 10 23:46:05 PDT 2018
On Sun, Jun 10, 2018 at 3:48 PM, Jake McGinty <me at jake.su> wrote:
> Exciting - looking forward to it!
>
> I don't think there's a Kyber HFS extension written yet for the noise spec,
> so that should probably be on the eventual task list too so that snow
> doesn't stray from the spec.

Keep in mind we haven't finalized the design/specs for post-quantum
KEMs. So if you (or anyone) wanted to work on this, a good first step
would be extension specs that cover KEMs, and allow multiple key-types
and algorithms in the same handshake.

There was Rhys's original proposal, which treated this as an
additional sort of DH:

https://github.com/noiseprotocol/noise_spec/blob/master/extensions/ext_hybrid_forward_secrecy.md

More recently, I suggested a more complicated framework that deals
with KEMs and signatures explicitly, and allows hybrid authentication
(instead of just forward-secrecy), and different algorithms for
different types of keys:

https://moderncrypto.org/mail-archive/noise/2018/001499.html

It might be worth using the more-general KEM syntax from my proposal,
but using it with a simple "hfs" modifier for now, to defer the more
complicated modifier syntax for later.

Trevor