[noise] signature questions
Trevor Perrin
trevp at trevp.net
Sat Sep 29 20:21:13 PDT 2018
On Thu, Sep 13, 2018 at 8:51 AM David Wong <davidwong.crypto at gmail.com> wrote:
>
> >
> > I have been thinking about writing up details of signatures in Noise,
> > and had a few questions for discussion.
> >
>
> I missed a train, what are these signatures for?
We have so many in-progress conversations I'm trying to track the main
ones on the Wiki, so people can quickly see status. I've grouped
adding signatures / KEMs / other DH operations as "Multi-Algorithm
Patterns":
https://github.com/noiseprotocol/noise_wiki/wiki
https://github.com/noiseprotocol/noise_wiki/wiki/Multi-Algorithm-Patterns
Rationale for signatures might be:
* You already have signing keys and want to use Noise
* You want to use signing keys for identity keys instead of DH keys
* You want a protocol that supports different types of identity keys,
which is easier with signatures instead of DH
* You want to do authentication in an initial message, which you can
do (in replayable form) with signatures more easily than DH
* Signatures have different security tradeoffs (less deniability, but
also more KCI-resistance, since verifying them doesn't depend on your
own secret key).
Trevor
More information about the Noise
mailing list