I can’t figure out why the static public key of the initiator/recipient cannot be sent as plain text in the Noise KK pattern and what kind of cryptographic vulnerability does it provide? For example, in the pattern Noise XX, the recipient's static public key is sent encrypted, although it can be easily obtained by man-in-the-middle attack, cause in the first step performed DH with only ephemeral keys.
Asked
Active
Viewed 34 times
1
-
KK is for when the long-term static keys are already known/shared out of band. Therefore, you don't need to exchange the public keys as part of Noise, which avoids this sort of problem. – samuel-lucas6 Sep 05 '22 at 19:50
-
1I understand. KK for already known static keys. But in XX performed the same DH operations in total. So how I reduce cryptographic durability by sharing long-term static public keys in plain text? – Krik99 Sep 05 '22 at 21:34
-
Because an attacker can tamper with the public keys in transit, and you have no way of knowing. If the recipient's public key is encrypted with an AEAD, any tampering in transit will be detected. – samuel-lucas6 Sep 06 '22 at 08:20