[noise] nyquist - Yet another Noise Protocol Framework implementation
dawuud at riseup.net
Wed Aug 28 01:20:11 PDT 2019
Hi Yawning, this sounds pretty cool. Perhaps Katzenpost should start using nyquist
once we make it work with HFS XX using X25519 and Kyber.
Daan Sprenkels made some recent unmerged progress getting Kyber into the Rust noise crate
On Mon, Aug 19, 2019 at 08:58:14AM +0000, Yawning Angel wrote:
> Due to the need for something to do in my spare time, I have spent some
> time on and off writing yet another Noise Protocol Framework
> implementation targeting Go (1.12 or later) from scratch.
> The entire `r34` spec is supported, with the exception of `fallback`
> modifiers, with the following additions/deviations:
> * The ability to alter the maximum message size (or disable the
> check entirely).
> * A `DeoxysII` cipher that is backed by DeoxysII-256-128 (v1.43).
> The nonce encoding is 56 bits of 0, followed by the Big Endian
> representation of the 64 bit noise nonce (Yes, 120 bits).
> * Some specification mandated length requirements are somewhat relaxed:
> * The tag produced by the AEAD primitive can be any length, though
> tags < 128 bits in size should probably not be used.
> * HASHLEN can be any value greater or equal ot 256 bits.
> The package is structured in a way that hopefully makes it simple to
> maintain, use, and extend with new patterns, cipher/dh/hash routines.
> It hasn't been used for anything serious yet, so it is entirely possible
> that there are silly bugs in the code. That said, it does produce
> output that matches test vectors shamelessly stolen from cacophony,
> snow, and noise-c.
> Currently I am uncertain about how I wish the library to evolve beyond
> debugging, and keeping up with the official specification. It is likely
> that I will have a more concrete direction here, once I start using the
> library in my various pet projects.
> Repository: https://gitlab.com/yawning/nyquist
> Documentation: https://godoc.org/gitlab.com/yawning/nyquist.git
> Yawning Angel
> : https://sites.google.com/view/deoxyscipher/
> : The noise-c PSK tests are skipped because I'm too lazy to figure
> out what `NoisePSK_XX_` etc got renamed to.
> Noise mailing list
> Noise at moderncrypto.org
More information about the Noise