[noise] writing a Rust sans-IO Noise protocol
dawuud
dawuud at riseup.net
Wed Jun 13 09:42:52 PDT 2018
I'm not actually sure when I'll be able to take a look at all of this.
Currently I am in Croatia attending Summer school on Real World Crypto and Privacy.
Afterwards I've got a bunch of mixnet related tasks to work on.
I was thinking to implement Rhys's hfs proposal. Given that Yawning has
already done this for our fork of flynn's golang noise library this should
be easy as I've got that example to copy over to the rust equivalent.
I could certainly wait until the spec is sorted before working on this...
then at least we could make the hfs modifier work for other KEMs besides New Hope,
such as Khyber. I might be able to help out with the spec if I play catch up
and read those links and devote some time.
On Mon, Jun 11, 2018 at 06:46:05AM +0000, Trevor Perrin wrote:
> On Sun, Jun 10, 2018 at 3:48 PM, Jake McGinty <me at jake.su> wrote:
> > Exciting - looking forward to it!
> >
> > I don't think there's a Kyber HFS extension written yet for the noise spec,
> > so that should probably be on the eventual task list too so that snow
> > doesn't stray from the spec.
>
> Keep in mind we haven't finalized the design/specs for post-quantum
> KEMs. So if you (or anyone) wanted to work on this, a good first step
> would be extension specs that cover KEMs, and allow multiple key-types
> and algorithms in the same handshake.
>
> There was Rhys's original proposal, which treated this as an
> additional sort of DH:
>
> https://github.com/noiseprotocol/noise_spec/blob/master/extensions/ext_hybrid_forward_secrecy.md
>
>
> More recently, I suggested a more complicated framework that deals
> with KEMs and signatures explicitly, and allows hybrid authentication
> (instead of just forward-secrecy), and different algorithms for
> different types of keys:
>
> https://moderncrypto.org/mail-archive/noise/2018/001499.html
>
>
> It might be worth using the more-general KEM syntax from my proposal,
> but using it with a simple "hfs" modifier for now, to defer the more
> complicated modifier syntax for later.
>
> Trevor
More information about the Noise
mailing list