This is a minimalist transport encryption protocol with forward secrecy, based on Curve25519 and ChaCha20+Poly1305
http://tinc-vpn.org/git/browse?p=tinc;a=blob;f=doc/SPTPS;hb=refs/heads/1.1 The basic protocol: 1) Key Exchange (KEX): create a random D-H key, send pubkey + nonce 2) Signature (SIG): combine yours and their messages and compute an "ECDSA" signature (one might assume EdDSA here but it's unspecified) 3) Acknowledge (ACK): Compute D-H shared secret, and derive a session key via a KDF with both nonces + "application specific label", then send an empty packet (CurveCP might preload the first message here) Seems interesting -- Tony Arcieri
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
