Paper 2019/436

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

Benjamin Dowling, Paul Rösler, and Jörg Schwenk

Abstract

The Noise protocol framework is a suite of channel establishment protocols, of which each individual protocol ensures various security properties of the transmitted messages, but keeps specification, implementation, and configuration relatively simple. Implementations of the Noise protocols are themselves, due to the employed primitives, very performant. Thus, despite its relative youth, Noise is already used by large-scale deployed applications such as WhatsApp and Slack. Though the Noise specification describes and claims the security properties of the protocol patterns very precisely, there has been no computational proof yet. We close this gap. Noise uses only a limited number of cryptographic primitives which makes it an ideal candidate for reduction-based security proofs. Due to its patterns' characteristics as channel establishment protocols, and the usage of established keys within the handshake, the authenticated and confidential channel establishment (ACCE) model (Jager et al. CRYPTO 2012) seems to perfectly fit for an analysis of Noise. However, the ACCE model strictly divides protocols into two non-overlapping phases: the pre-accept phase (i.e., the channel establishment) and post-accept phase (i.e., the channel). In contrast, Noise allows the transmission of encrypted messages as soon as any key is established (for instance, before authentication between parties has taken place), and then incrementally increases the channel's security guarantees. By proposing a generalization of the original ACCE model, we capture security properties of such staged channel establishment protocols flexibly – comparably to the multi-stage key exchange model (Fischlin and Günther CCS 2014). We give security proofs for eight of the 15 basic Noise patterns.

Note: Full version of PKC paper with several changes.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2020
Keywords
Noise protocol frameworkACCEMulti-StageChannel Establishment
Contact author(s)
paul roesler @ rub de
benjamin dowling @ rhul ac uk
History
2020-02-07: revised
2019-05-03: received
See all versions
Short URL
https://ia.cr/2019/436
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/436,
      author = {Benjamin Dowling and Paul Rösler and Jörg Schwenk},
      title = {Flexible Authenticated and Confidential Channel Establishment ({fACCE}): Analyzing the Noise Protocol Framework},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/436},
      year = {2019},
      url = {https://eprint.iacr.org/2019/436}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.