[noise] Questions about Signatures for Noise spec
justin at specialbusservice.com
Mon Apr 8 05:10:41 PDT 2019
On Mon, 8 Apr 2019 at 12:36, Lucas Manuel Rodriguez
<lucarodriguez at gmail.com> wrote:
> Hello folks,
> I'm working on a system that relies heavily in public key signatures and I came across the "Signatures for Noise" spec .
> Knowing it's unofficial/unstable I hope it's ok to ask a couple of questions here.
> 1) There's the following paragraph In the "Signature modifiers" section:
> "The "sig" modifier can only be used with patterns where "se" is not sent by
> the responder and "es" is not sent by the initiator, and "ss" does not appear.
> Attempting to apply it other patterns is invalid."
> It would be nice if you could elaborate those statements.
For "ss" there is no equivalent with signatures; the other two just
point out that you
can only sign an outbound message, signatures don't have the symmetry that DH
> 2) Are you seeing a path towards "hybrid" patterns? Hybrid as in: DH + Signatures, e.g.:
> <- s
> -> e, es, s1, sig
> (The above pattern would allow 0-RTT encryption and authentication of initiator via signatures)
We have discussed hybrid patterns, there are some notes from the
January meetup, and I am
planning to do some more work on this. I think they can be useful in
> Or are there any problems/vulnerabilities that would prevent this from happening?
You can still replay these, so it is not a solution to all issues,
although if you have another
way to prevent replay it can be useful.
> I'm new to the Noise Framework, so please bear with me :)
> : https://github.com/noiseprotocol/noise_sig_spec
> Lucas Manuel Rodríguez.
> Noise mailing list
> Noise at moderncrypto.org
More information about the Noise