[noise] Implementing HFS support for Noise
Trevor Perrin
trevp at trevp.net
Wed Sep 25 20:01:04 PDT 2019
On Thu, Aug 29, 2019 at 3:06 AM Daan Sprenkels <hello at dsprenkels.com> wrote:
>
> Hey all,
>
> As David already mentioned yesterday, I have spent some efforts on
> implementing HFS support for the snow implementation in Rust this week
> [1], based on the spec from [2]. Currently, there is a fully functional
> proof-of-concept.
Hi Daan,
Sorry I missed this - busy summer, sounds like great work, I hope to
look closer soon. Some responses:
>
> Trevor's HFS spec makes no mention of how to specify the KEM that is to
> be used. There seem to be a couple of straightforward options:
>
> 1. Add the name into the pattern after the DH-scheme seperated with a
> `+`, for example: `Noise_XXhfs_25519+Kyber1024_AESGCM_SHA256`. This
> was already proposed by [3].
Yes, that matches what I wrote in the HFS draft spec, buried in
Section 5. We should improve that spec and add examples, of course:
https://github.com/noiseprotocol/noise_hfs_spec/blob/master/output/noise_hfs.pdf
## Selecting post-quantum KEMs
>
> For snow, I have used Kyber1024, by request of David, (and also because
> of personal affiliation). However, to provide the users with some
> choice, we should maybe also decide on a second one to "unofficially"
> standardize. In any case, I agree to update to the winners from the NIST
> competition once that's finished. Until then, should we implement a
> second one (and which)?
I don't know! What do you think are the other best options? We have
an "Unofficial crypto algorithms list" where you can at least document
any choices or options:
https://github.com/noiseprotocol/noise_wiki/wiki/Unofficial-crypto-algorithms-list
Trevor
More information about the Noise
mailing list