commit 4e0e7fc02b98d29d88bcb12ef6c3c84b8f1177e6
parent 7612fb38bf18ecc45159de8d7d6243c50c5b7ee8
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 27 Feb 2024 18:10:34 +0100
more kx
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/developers/apis/cong.rst b/developers/apis/cong.rst
@@ -29,6 +29,11 @@ Each payload is encrypted using AES(kA, Twofish(kB, payload)) both in CFB mode (
For CONG, we should double-check the security of your ECDHE construction and then
potentially move away from AES/Twofish, possible towards ChaCha20 or XSalsa20 (Needs discussion).
+Proposal:
+
+ * Use X25519 for the KX with our Ed25519 keys: https://doc.libsodium.org/advanced/ed25519-curve25519
+ * Use XSalsa20 and kTx,kRx := KDF(X25519(),senderPK,receiverPK) for symmetric encryption
+
.. _Peer-IDs:
Peer IDs
