commit 7612fb38bf18ecc45159de8d7d6243c50c5b7ee8
parent 2d91e825000361008875dd15e41e7597d6c9f70a
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 27 Feb 2024 16:07:52 +0100
notes on kx
Diffstat:
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/developers/apis/cong.rst b/developers/apis/cong.rst
@@ -10,8 +10,24 @@ CONG (COre Next Generation) is the name of the project redesigns the CORE
service. Here we document the design decisions and parts that are about to
change.
-..
- TODO Overview? Oder gibt's ein Inhaltsverzeichnis?
+
+Design goals
+------------
+
+TODO
+
+Key exchange
+------------
+
+While we are at it we may as well improve the key exchange.
+Currently, we are using our own ECDHE key exchange that derives
+2x2 keys.
+2 keys for each direction (sending/receiving).
+Each direction uses two 256-bit symmetric encryption keys derived through the ECDH exchange.
+Each payload is encrypted using AES(kA, Twofish(kB, payload)) both in CFB mode (!).
+
+For CONG, we should double-check the security of your ECDHE construction and then
+potentially move away from AES/Twofish, possible towards ChaCha20 or XSalsa20 (Needs discussion).
.. _Peer-IDs:
