From 29b8c04e35cc3add331e7a1c571b2a1a4b934613 Mon Sep 17 00:00:00 2001 From: Danny Salman Date: Thu, 5 Jan 2023 05:18:13 -0500 Subject: [PATCH 1/5] populate noise --- content/concepts/secure-comm/noise.md | 57 ++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/content/concepts/secure-comm/noise.md b/content/concepts/secure-comm/noise.md index 69269717..6621f157 100644 --- a/content/concepts/secure-comm/noise.md +++ b/content/concepts/secure-comm/noise.md 
@@ -6,5 +6,58 @@ aliases: - "/concepts/secure-comm/noise" --- - -Coming soon! +## What is Noise? + +The [Noise Protocol Framework](https://noiseprotocol.org/) is a set of tools for creating +secure communication protocols by combining cryptographic primitives into patterns with +verifiable security properties. It provides a high level of flexibility, allowing users to +choose from a range of cryptographic primitives and design patterns to suit their needs. +However, it is up to the user to carefully consider the tradeoffs and make informed decisions +to create a secure protocol. + +## Noise in libp2p + +noise-libp2p is an implementation of the Noise Protocol Framework used to establish a +secure channel between two peers in the libp2p network. The protocol ID is +`/noise`, and future versions of the specification may define new protocol IDs using the "/noise" +prefix (e.g., `/noise/2`). + +When two peers connect, the transport upgrader negotiates +which security and multiplexing protocols to use using +[multistream-select](https://github.com/multiformats/multistream-select). +> A successor to multistream-select, called multiselect 2, is in development, but noise-libp2p is +> compatible with the current upgrade process and multiselect 2. + +### Handshake + +Peers exchange public keys and perform a Diffie-Hellman exchange to generate a pair of symmetric +keys that can be used to encrypt traffic during the handshake. +The static DH key used in the Noise protocol is authenticated using the libp2p identity keypair. + +The Noise Protocol Framework provides several different handshake patterns to choose from, each +with its tradeoffs in terms of security and performance. noise-libp2p currently supports the +[`XX` pattern](https://noiseprotocol.org/noise.html#interactive-handshake-patterns-fundamental), +which provides strong security guarantees but is slower than other options. 
In the future, +additional handshake patterns may be added to noise-libp2p to support different use cases. + + + +#### The Noise Extension + +In addition to the standard Noise handshake, noise-libp2p also includes an extension registry, which +allows for the exchange of additional data during the handshake process. This extension is used to +exchange libp2p-specific data such as peer IDs and supported protocol versions that enable early +stream muxer negotiation. + + + +### Wire Format and Encryption + +After the Noise handshake is completed, the resulting encryption keys send ciphertext messages +back and forth over the secure channel. The wire format for these messages and the cryptographic primitives +used for encryption is specified in the Noise specification. noise-libp2p currently uses the +[ChaCha20Poly1305](https://en.wikipedia.org/wiki/ChaCha20-Poly1305) AEAD cipher for encryption, which provides +both confidentiality and integrity protection. The wire format consists of a header and a payload, with the +payload being encrypted using the encryption keys derived from the Noise handshake. + +{{< alert icon="💡" context="note" text="See the Noise technical specification for more details." />}} From e63ee2ec6a5e163507661e9c95b70bf188688e66 Mon Sep 17 00:00:00 2001 From: Danny Salman Date: Fri, 6 Jan 2023 06:09:19 -0500 Subject: [PATCH 2/5] edits and ref other docs --- content/concepts/secure-comm/noise.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/content/concepts/secure-comm/noise.md b/content/concepts/secure-comm/noise.md index 6621f157..ef36e9bc 100644 --- a/content/concepts/secure-comm/noise.md +++ b/content/concepts/secure-comm/noise.md 
@@ -19,19 +19,20 @@ to create a secure protocol. noise-libp2p is an implementation of the Noise Protocol Framework used to establish a secure channel between two peers in the libp2p network. The protocol ID is -`/noise`, and future versions of the specification may define new protocol IDs using the "/noise" -prefix (e.g., `/noise/2`). +`/noise`, and future versions of the specification may define new protocol IDs using the +"/noise" prefix (e.g., `/noise/2`). When two peers connect, the transport upgrader negotiates -which security and multiplexing protocols to use using +which security and [multiplexing](../multiplex/overview.md) protocols to use using [multistream-select](https://github.com/multiformats/multistream-select). > A successor to multistream-select, called multiselect 2, is in development, but noise-libp2p is > compatible with the current upgrade process and multiselect 2. ### Handshake -Peers exchange public keys and perform a Diffie-Hellman exchange to generate a pair of symmetric -keys that can be used to encrypt traffic during the handshake. +Peers exchange public keys and perform a +[Diffie-Hellman exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) +to generate a pair of symmetric keys that can be used to encrypt traffic during the handshake. The static DH key used in the Noise protocol is authenticated using the libp2p identity keypair. The Noise Protocol Framework provides several different handshake patterns to choose from, each 
@@ -46,8 +47,8 @@ additional handshake patterns may be added to noise-libp2p to support different In addition to the standard Noise handshake, noise-libp2p also includes an extension registry, which allows for the exchange of additional data during the handshake process. This extension is used to -exchange libp2p-specific data such as peer IDs and supported protocol versions that enable early -stream muxer negotiation. +exchange libp2p-specific data such as [peer IDs](../fundamentals/peers.md##peer-id) and supported +protocol versions that enable [early stream muxer negotiation](../multiplex/early-negotiation). From da47060a3acdd03550860b25803945aef9e3ba01 Mon Sep 17 00:00:00 2001 From: Danny Salman Date: Thu, 26 Jan 2023 19:39:06 -0500 Subject: [PATCH 3/5] incorporate PR feedback and simplify content --- content/concepts/secure-comm/noise.md | 60 +++++++-------------------- 1 file changed, 14 insertions(+), 46 deletions(-) diff --git a/content/concepts/secure-comm/noise.md b/content/concepts/secure-comm/noise.md index ef36e9bc..f39cd9ae 100644 --- a/content/concepts/secure-comm/noise.md +++ b/content/concepts/secure-comm/noise.md 
@@ -8,57 +8,25 @@ aliases: ## What is Noise? -The [Noise Protocol Framework](https://noiseprotocol.org/) is a set of tools for creating -secure communication protocols by combining cryptographic primitives into patterns with -verifiable security properties. It provides a high level of flexibility, allowing users to -choose from a range of cryptographic primitives and design patterns to suit their needs. -However, it is up to the user to carefully consider the tradeoffs and make informed decisions -to create a secure protocol. +The [Noise Protocol Framework](https://noiseprotocol.org/) is a widely-used encryption +scheme that allows for secure communication by combining cryptographic primitives into +patterns with verifiable security properties. -## Noise in libp2p - -noise-libp2p is an implementation of the Noise Protocol Framework used to establish a -secure channel between two peers in the libp2p network. The protocol ID is -`/noise`, and future versions of the specification may define new protocol IDs using the -"/noise" prefix (e.g., `/noise/2`). - -When two peers connect, the transport upgrader negotiates -which security and [multiplexing](../multiplex/overview.md) protocols to use using -[multistream-select](https://github.com/multiformats/multistream-select). -> A successor to multistream-select, called multiselect 2, is in development, but noise-libp2p is -> compatible with the current upgrade process and multiselect 2. - -### Handshake - -Peers exchange public keys and perform a -[Diffie-Hellman exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) -to generate a pair of symmetric keys that can be used to encrypt traffic during the handshake. -The static DH key used in the Noise protocol is authenticated using the libp2p identity keypair. +Learn more at https://noiseprotocol.org. -The Noise Protocol Framework provides several different handshake patterns to choose from, each -with its tradeoffs in terms of security and performance. 
noise-libp2p currently supports the -[`XX` pattern](https://noiseprotocol.org/noise.html#interactive-handshake-patterns-fundamental), -which provides strong security guarantees but is slower than other options. In the future, -additional handshake patterns may be added to noise-libp2p to support different use cases. - - +## Noise in libp2p -#### The Noise Extension +libp2p uses the Noise Protocol Framework to encrypt data between nodes and provide forward +secrecy. noise-libp2p is an implementation of the Noise Protocol Framework used to establish +a secure channel between two peers by securely exchanging keys and encrypting traffic during +a libp2p handshake. After a successful Noise handshake, the resulting keys send ciphertext +messages back and forth over the secure channel. The wire format for these messages and the +cryptographic primitives used for encryption is specified in the +[libp2p-noise specification](https://github.com/libp2p/specs/tree/master/noise). -In addition to the standard Noise handshake, noise-libp2p also includes an extension registry, which -allows for the exchange of additional data during the handshake process. This extension is used to -exchange libp2p-specific data such as [peer IDs](../fundamentals/peers.md##peer-id) and supported -protocol versions that enable [early stream muxer negotiation](../multiplex/early-negotiation). +The protocol ID is `/noise`, and future versions may define new protocol IDs using the +"/noise" prefix (e.g., `/noise/2`). -### Wire Format and Encryption - -After the Noise handshake is completed, the resulting encryption keys send ciphertext messages -back and forth over the secure channel. The wire format for these messages and the cryptographic primitives -used for encryption is specified in the Noise specification. noise-libp2p currently uses the -[ChaCha20Poly1305](https://en.wikipedia.org/wiki/ChaCha20-Poly1305) AEAD cipher for encryption, which provides -both confidentiality and integrity protection. 
The wire format consists of a header and a payload, with the -payload being encrypted using the encryption keys derived from the Noise handshake. - {{< alert icon="💡" context="note" text="See the Noise technical specification for more details." />}} From c50c39e28998b73cfccabefa1d5f2b8fdbdf182d Mon Sep 17 00:00:00 2001 From: Danny Salman Date: Thu, 26 Jan 2023 19:42:13 -0500 Subject: [PATCH 4/5] edits --- content/concepts/secure-comm/noise.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/concepts/secure-comm/noise.md b/content/concepts/secure-comm/noise.md index f39cd9ae..cf92ff3f 100644 --- a/content/concepts/secure-comm/noise.md +++ b/content/concepts/secure-comm/noise.md 
@@ -18,14 +18,14 @@ Learn more at https://noiseprotocol.org. libp2p uses the Noise Protocol Framework to encrypt data between nodes and provide forward secrecy. noise-libp2p is an implementation of the Noise Protocol Framework used to establish -a secure channel between two peers by securely exchanging keys and encrypting traffic during -a libp2p handshake. After a successful Noise handshake, the resulting keys send ciphertext -messages back and forth over the secure channel. The wire format for these messages and the -cryptographic primitives used for encryption is specified in the +a secure channel between two peers by exchanging keys and encrypting traffic during +the libp2p handshake process. After a successful Noise handshake, the resulting keys send +ciphertext messages back and forth over the secure channel. The wire format for these messages +and the cryptographic primitives used for encryption is specified in the [libp2p-noise specification](https://github.com/libp2p/specs/tree/master/noise). -The protocol ID is `/noise`, and future versions may define new protocol IDs using the -"/noise" prefix (e.g., `/noise/2`). +The noise-libp2p protocol ID is `/noise`, and future versions may define new protocol IDs +using the "/noise" prefix (e.g., `/noise/2`). From 8eeb9a27a3076f55f68acefeeca651a60d75f5ad Mon Sep 17 00:00:00 2001 From: Danny Salman Date: Thu, 26 Jan 2023 19:45:03 -0500 Subject: [PATCH 5/5] link --- content/concepts/secure-comm/noise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/concepts/secure-comm/noise.md b/content/concepts/secure-comm/noise.md index cf92ff3f..add8a205 100644 --- a/content/concepts/secure-comm/noise.md +++ b/content/concepts/secure-comm/noise.md 
@@ -12,7 +12,7 @@ The [Noise Protocol Framework](https://noiseprotocol.org/) is a widely-used encr scheme that allows for secure communication by combining cryptographic primitives into patterns with verifiable security properties. -Learn more at https://noiseprotocol.org. +Learn more at [https://noiseprotocol.org](https://noiseprotocol.org). ## Noise in libp2p
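Review bot: In PATCH 1/5, under "### Wire Format and Encryption", the sentence "the resulting encryption keys send ciphertext messages back and forth over the secure channel" is wrong as written: keys do not send anything, the peers encrypt with the session keys and send the ciphertext. Suggest "the peers use the resulting keys to encrypt the messages they exchange over the secure channel." The closing sentence "The wire format consists of a header and a payload" also adds nothing a reader can act on; either describe the length prefix and the encrypted payload as the libp2p-noise spec lays them out, or drop it and rely on the spec link. Finally, the blockquote "noise-libp2p is compatible with the current upgrade process and multiselect 2" asserts compatibility with a protocol the same sentence says is still in development; soften it to "is expected to work with" or leave multiselect 2 out.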
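Review bot: In PATCH 2/5, the hunk starting at line 47 links the peer ID as `[peer IDs](../fundamentals/peers.md##peer-id)`; the doubled `#` produces a fragment of `#peer-id` that will not match the heading anchor, so it should be `../fundamentals/peers.md#peer-id`. The neighbouring link `[early stream muxer negotiation](../multiplex/early-negotiation)` drops the `.md` suffix that the same patch uses for `../multiplex/overview.md` in the hunk above; pick one form so the links resolve consistently under the site generator.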
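Review bot: In PATCH 3/5, the simplification of "## Noise in libp2p" drops the one sentence that carried the security guarantee: "The static DH key used in the Noise protocol is authenticated using the libp2p identity keypair." Without it the page says the channel is encrypted but never says how a peer knows it is talking to the peer ID it dialed, which is the point of running Noise inside libp2p; suggest keeping that sentence (or a one-line version of it) next to "securely exchanging keys". Two smaller points in the same hunk: the new opening calls Noise "a widely-used encryption scheme", but the removed text's "a set of tools for creating secure communication protocols" was the accurate description of a framework, and the retained alert still says "See the Noise technical specification" while the body now links the libp2p-noise spec, so the alert should link whichever spec is meant.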
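Review bot: In PATCH 4/5, the reworded lines still say "the resulting keys send ciphertext messages back and forth over the secure channel", so the same wording problem from PATCH 1/5 survives the edit; since this hunk already touches those lines, change it here to "the peers use the resulting keys to encrypt the messages they send back and forth over the secure channel."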