Are there any projects leveraging a combination of (1) Noise and (2) Signal / Double Ratchet to augment the former with per-message forward secrecy?

user3325588

11/28/23, 4:40 PM

Are there examples (in code, or a blog post / writeup) of using Noise and Signal together?

Here is a link to Noise.

For example, using the Double Ratchet per each message to achieve forward secrecy, but leveraging Noise as a foundation for its patterns of initial key exchange. Both Noise and Signal are well-studied and well-known, and so building upon these might be preferred over attempting to craft a brand new protocol.

Whether it's considered as (a) an extension of the Noise protocol, (b) passing Noise messages that are already "wrapped" (as an onion, such as Signal within Noise), or (c) constantly re-running Noise exchanges, I'm wondering if there is a project that has integrated features from both.

For (a), I couldn't find an obvious proposed extension spec within the Noise protocol wiki page that addresses ratcheting / forward secrecy per each (synchronous) message, so perhaps it's normally assumed that forward secrecy is achieved per "session" - by running a fresh key exchange each time. However to attempt to achieve that property per message might come with compromises such as round trip time (in contrast to continuous asymmteric ratcheting).

For (b), perhaps this would be a way to use both (1) Noise and (2) Signal / Double Ratchet without fundamentally modifying the way that these underlying protocols work. Essentially those protocols could be used as is, in layers. As long as the key material in use by each is independent / non-correlated, then one could benefit from the analysis and security properties already studied for Noise and Signal. However, I haven't yet found an example of this kind of use but that doesn't mean it's not out there.

For (c), that's more of a thought experiment, since there would be extra round trip overhead per message for this approach. Although by only using Noise on its own, some other positive aspects of Signal/X3DH/Double ratchet might be missed.

Any examples of using both protocols together, or cooperatively, is welcome. Or a comment on (b) or the overall benefit / approach of adding per-message forward secrecy on top of a Noise-established channel.

137

0 + 3

diffie-hellman

signal-protocol

noise-protocol

kodlu

11/28/23, 5:37 PM

Can you provide some links? Especially for "Noise".

samuel-lucas6

11/28/23, 7:02 PM

@kodlu [Here](https://noiseprotocol.org/noise.html) is the Noise Protocol spec. [Noise Explorer](https://noiseexplorer.com/) is also useful for understanding the patterns.

Marc Ilunga

11/29/23, 8:46 AM

Noise as the "issue" that symmetric keys are used within the protocol, so you don't get a nice separation of key exchange and secure channels. So, I doubt you get composition for "free". On the other hand, Noise was analyzed in the flexible authenticated and confidential channels model. So, I would be surprised if that composition was unsound.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Are there any projects leveraging a combination of (1) Noise and (2) Signal / Double Ratchet to augment the former with per-message forward secrecy?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.