On Mon, 28 Dec 2015 17:43:57 -0500 Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote: > 2. RELAY_REKEY cell operation > > To rekey, the circuit initiator ("client") can send a new > RELAY_REKEY cell type: > > struct relay_rekey { > u16 rekey_method IN [0, 1]; > u8 rekey_data[]; > } > > const REKEY_METHOD_ACK = 0; > const REKEY_METHOD_SHAKE128_CLIENT = 1; > > This cell means "I am changing the key." The new key material will > be derived from SHAKE128 of the aez_key concatenated with the > rekey_data field, to fill a new shake_output structure. The client > should set rekey_data at random. This should be SHAKE256 to be consistent with our initial AEZ key derivation. We're squeezing less data than the SHAKE256 rate, and we need the same number of Keccak calls for either primitive during the absorb phase, so there is no performance difference. -- Yawning Angel
Attachment:
pgpE0hHImTSKR.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev