[noise] signature questions

Trevor Perrin trevp at trevp.net
Sat Sep 29 20:21:13 PDT 2018


On Thu, Sep 13, 2018 at 8:51 AM David Wong <davidwong.crypto at gmail.com> wrote:
>
> >
> > I have been thinking about writing up details of signatures in Noise,
> > and had a few questions for discussion.
> >
>
> I missed a train, what are these signatures for?


We have so many in-progress conversations I'm trying to track the main
ones on the Wiki, so people can quickly see status.  I've grouped
adding signatures / KEMs / other DH operations as "Multi-Algorithm
Patterns":

https://github.com/noiseprotocol/noise_wiki/wiki
https://github.com/noiseprotocol/noise_wiki/wiki/Multi-Algorithm-Patterns

Rationale for signatures might be:
 * You already have signing keys and want to use Noise
 * You want to use signing keys for identity keys instead of DH keys
 * You want a protocol that supports different types of identity keys,
which is easier with signatures instead of DH
 * You want to do authentication in an initial message, which you can
do (in replayable form) with signatures more easily than DH
 * Signatures have different security tradeoffs (less deniability, but
also more KCI-resistance, since verifying them doesn't depend on your
own secret key).

Trevor


More information about the Noise mailing list