[noise] Security proofs for Noise

Trevor Perrin trevp at trevp.net
Mon May 13 01:03:37 PDT 2019

On Thu, May 9, 2019 at 5:46 AM Paul Rösler <paul.roesler at rub.de> wrote:
> as we advertised it around RWC 19, we wrote reduction-based proofs for
> many Noise patterns. We (Ben, Jörg, and me) finally published a preprint
> of our resulting paper on eprint [1]

Hi Paul, Jörg, Ben,

Great work!, thanks for all this.

> An interesting observation in our work is that, for a generic treatment
> of protocols similar to Noise, it is necessary that the protocol itself
> indicates to the environment during execution when a specific security
> goal is reached. Otherwise it would be necessary to know how exactly the
> analyzed protocol looks like, before defining what security for this
> protocol means (which is not scientific). We therefore assumed that
> Noise patterns output with every sent and received message an integer
> that refers to a specific set of security properties, reached for the
> transmission of the respectively transmitted message.
> Actually we think that such an indication of security is not only useful
> for a formal security analysis, but could be used by upper-layer
> applications to decide when to send a certain message. If someone agrees
> that this would be a useful extension to Noise, we would be happy to
> discuss further details.

I'm not sure what you mean that is different from the "security
properties" tables that are already in the Noise spec?

Maybe you could spell out what you mean by an "extension" a little more?

> [1] https://eprint.iacr.org/2019/436.pdf


More information about the Noise mailing list