[noise] Security proofs for Noise

Paul Rösler paul.roesler at rub.de
Mon May 13 01:27:45 PDT 2019


Hi Trevor,

On 13.05.19 10:03, Trevor Perrin wrote:
> On Thu, May 9, 2019 at 5:46 AM Paul Rösler <paul.roesler at rub.de> wrote:
>> An interesting observation in our work is that, for a generic treatment
>> of protocols similar to Noise, it is necessary that the protocol itself
>> indicates to the environment during execution when a specific security
>> goal is reached. Otherwise it would be necessary to know how exactly the
>> analyzed protocol looks like, before defining what security for this
>> protocol means (which is not scientific). We therefore assumed that
>> Noise patterns output with every sent and received message an integer
>> that refers to a specific set of security properties, reached for the
>> transmission of the respectively transmitted message.
> [...]
>>
>> Actually we think that such an indication of security is not only useful
>> for a formal security analysis, but could be used by upper-layer
>> applications to decide when to send a certain message. If someone agrees
>> that this would be a useful extension to Noise, we would be happy to
>> discuss further details.
> 
> I'm not sure what you mean that is different from the "security
> properties" tables that are already in the Noise spec?
> 
> Maybe you could spell out what you mean by an "extension" a little more?
first of all it is great that Noise (in contrast to most other
cryptographic real-world protocols) provides such a detailed description
of security. Using Noise statically (e.g., without pattern negotiation)
does not need a dynamic output that tells an application which security
is currently reached (as this is clear by the spec), but if patterns are
selected dynamically, an interface that regards security goals may make
sense. So maybe this is only relevant for settings with pattern
negotiation.

>> [1] https://eprint.iacr.org/2019/436.pdf

Cheers,
Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20190513/8fe73202/attachment.sig>


More information about the Noise mailing list