[noise] Noise meetup at RWC 2019 - Thursday

Paul Rösler paul.roesler at rub.de
Wed Jan 9 12:23:29 PST 2019

Hi all,

unfortunately I won't attend RWC this year. As Trevor mentioned work on
the provable security of Noise, independent of Nadim's and Karthik's
great work on the formal verification of Noise patterns, Ben, Jörg, and
I analyzed the security of Noise via reduction based proofs (which
provides stronger statements on the analyzed patterns' security but our
analysis is manual). Due to having this work still/again in submission,
we didn't publish it yet (but I guess this is going to happen within the
next month).

Our results can be summarized as follows:
- We define security a bit more flexible than the spec does and also
consider security under the reveal of sessions' randomness. The
resulting security model is related to the multi stage key exchange
model by Fischlin and Günther (which itself cannot be applied to Noise
due to the immediate use of keys in Noise) and ACCE model by Jager et
al. (which also cannot be applied due to its static nature).
Consequently we designed a security model that is of independent
interest and can be useful for future analyses of other protocols.
- Our analysis confirms the statements (that we analyzed) in the spec
and in Nadim's and Karthik's work. Furthermore (as our analysis
considers additional security properties) we prove security of some
Noise patterns even if the randomness of the participating sessions are
known by the adversary.

As Ben also attends RWC and probably participates in the meeting
tomorrow, he will tell you more about it.


> Date: Mon, 7 Jan 2019 07:13:16 +0000
> From: Trevor Perrin <trevp at trevp.net>
> Subject: [noise] Noise meetup at RWC 2019 - Thursday
> Hi all,
> Last year we had a Noise meetup during Thurs lunch at RWC.  That
> timeslot worked well, so why don't we do the same this year?
> Tentatively say meet at 1PM for 1 hour (lunch is 1230-2).
> Last year we went around the room asking people what they want from
> Noise and would like to work on, and I also spent time fielding
> questions.
> What would people suggest for the agenda this year?
> My 2c: I feel like we have a lot of things in progress and sort of
>  * New patterns (including signatures, KEMs, PAKE, multi-algorithms)
>  * Symmetric-crypto overhaul (including SHO idea)
>  * NoiseSocket/NLS
> So I could spend a good bit of time just giving a status report /
> "State of Noise" and leading discussion on these areas.
> In addition, there's been a lot of work on security proofs and
> analysis of Noise, would be good to hear about the status of that
> (maybe we can get Karthik or Nadim or someone to talk about that).
> We could also do the "go-around-the-room" thing, or focus on anything
> else, if anyone has other ideas (assuming we can take 1 hour).
> Trevor

More information about the Noise mailing list