Authentication only modes functions for Noise - noiseprotocol/noise_wiki GitHub Wiki

An authentication-only protocol is more suitable in certain environments such as industrial control systems using private networks. In these systems, all parties communicating are well known and encrypting traffic or identity information is disadvantageous as NSM or IDS software is unable to monitor anything below the TCP layer.

Some alternate definitions for ENCRYPT and DECRYPT are provided below for documentation in the event that Noise ever incorporates these modes in the core specification.

HMAC, as used in Noise, takes a message parameter. We can redefine that parameter using the arguments to Encrypt and Decrypt:

message := n || len(ad) || ad || plaintext
tag := HMAC(key, message)

We can then provide alternate implementations for Encrypt and Decrypt:

ENCRYPT(k, n, ad, plaintext): Calculates the HMAC tag based on the message definition above and the key, and appends it to the plaintext.

DECRYPT(k, n, ad, ciphertext): Interprets the ciphertext argument as a concatenation of the plaintext and the HMAC tag. Calculates the correct HMAC tag according to the message definition above. Uses a constant-time comparison algorithm to check the input and calculated tag values for equality. Returns the plaintext if authentication succeeds, otherwise signals an error in the event of authentication failure.

The concrete implementations of the ENCRYPT and DECRYPT function interface are more aptly named SIGN and VERIFY respectively.