Skip to content

[Feature] Noise XKpsk3 integration (2025 version) #5692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simonwicky merged 3 commits into from
Jun 5, 2025
Merged

[Feature] Noise XKpsk3 integration (2025 version) #5692

simonwicky merged 3 commits into from
Jun 5, 2025

Conversation

@simonwicky
Copy link
Contributor

@simonwicky simonwicky commented Apr 7, 2025
edited by mmsinclair
Loading

Description

Noise PR #4360 is dead, long live Noise PR #5692.

No stacked PRs this time, commits description are quite explicit (and it's less of a mess than last time)

This change is Reviewable

@simonwicky simonwicky requested a review from jstuczyn April 7, 2025 12:27
@vercel
Copy link

vercel bot commented Apr 7, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nym-explorer-v2 ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 5, 2025 9:15am
2 Skipped Deployments
Name Status Preview Comments Updated (UTC)
docs-nextra ⬜️ Ignored (Inspect) Visit Preview Jun 5, 2025 9:15am
nym-next-explorer ⬜️ Ignored (Inspect) Visit Preview Jun 5, 2025 9:15am

@timkuijsten
Copy link

timkuijsten commented Apr 7, 2025

Is there any rationale of the choice for XKpsk3? I.e. how to do DoS mitigation? Also I'm curious how this relates to the announcement of planning to use McEliece.

@simonwicky simonwicky force-pushed the simon/noise_nodes_2025 branch from d00427a to 3be921e Compare April 9, 2025 09:45
@simonwicky simonwicky requested a review from octol April 9, 2025 11:29
@benedettadavico benedettadavico added this to the Tourist milestone Apr 9, 2025
@aniampio
Copy link
Contributor

aniampio commented Apr 10, 2025

@timkuijsten Thanks for the question! We decided to use XKpsk3 because it provides the best forward secrecy, authentication, replay protection, and identity-hiding guarantees for client-server settings where the client cannot be identified based on its source IP address. Also, as PQ-security is on our roadmap, we opted for the variant with PSK, as the pre-shared key can be later used to inject Post-Quantum safety into the protocol. We also decided to use the XKpsk3 between nodes, as we are considering supporting private gateways in the future, so the identity of the initiator may not be obvious from the source IP address (entry-mixnode). Then, for the rest of the connections (mix node to mix node, and mix node to exit) we also use the same pattern to keep the usage across the network uniform.

In terms of DoS protection, deploying Noise at the transport layer helps shield the Sphinx layer, as each message must first be validated by Noise before any Sphinx processing occurs. However, Noise itself can still be vulnerable to DoS attacks. WireGuard mitigates this risk using a cookie-based mechanism. We could adopt a similar approach, or explore alternative strategies — all of which are currently under consideration.

jstuczyn
jstuczyn reviewed Apr 10, 2025
View reviewed changes
@timkuijsten
Copy link

timkuijsten commented Apr 10, 2025

In terms of DoS protection, deploying Noise at the transport layer helps shield the Sphinx layer, as each message must first be validated by Noise before any Sphinx processing occurs. However, Noise itself can still be vulnerable to DoS attacks. WireGuard mitigates this risk using a cookie-based mechanism. We could adopt a similar approach, or explore alternative strategies — all of which are currently under consideration.

I guess XK + cookie and making sure there is no responder-side state for unauthenticated connections (like rosenpass did) would put you in a good position. Are there already any public discussions, designs or transcripts?

jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
jstuczyn
jstuczyn reviewed Apr 11, 2025
View reviewed changes
@simonwicky
Copy link
Contributor Author

simonwicky commented Apr 14, 2025

@timkuijsten There are no public discussions or designs yet no.
Using cookies is a good lead, although it's just used to confirm the IP address so it can then be limited with other means.

@timkuijsten
Copy link

timkuijsten commented Apr 14, 2025

Using cookies is a good lead, although it's just used to confirm the IP address so it can then be limited with other means.

But nym uses TCP right? Isn't TCP's three-way-handshake enough for IP ownership confirmation? (unlike WireGuard which needs the cookie because it uses UDP).

@simonwicky
Copy link
Contributor Author

simonwicky commented Apr 14, 2025

@timkuijsten For the moment it does indeed. That's a fair point, I'll need to think about it.

@simonwicky simonwicky modified the milestones: Appenzeller, Brie May 5, 2025
@simonwicky simonwicky force-pushed the simon/noise_nodes_2025 branch from 99fc052 to 48045f7 Compare May 20, 2025 14:19
@vercel vercel bot temporarily deployed to Preview – nym-next-explorer May 20, 2025 14:33 Inactive
@vercel vercel bot temporarily deployed to Preview – nym-explorer-v2 May 20, 2025 14:33 Inactive
@benedettadavico benedettadavico modified the milestones: Brie, Cheddar May 22, 2025
@jstuczyn jstuczyn force-pushed the simon/noise_nodes_2025 branch from 8125c0a to ae14180 Compare May 27, 2025 14:29
@simonwicky simonwicky modified the milestones: Cheddar, Dolcelatte May 28, 2025
@jstuczyn jstuczyn force-pushed the simon/noise_nodes_2025 branch from d7c07ca to 875883a Compare May 28, 2025 11:48
@aniampio aniampio requested review from jmwample and removed request for octol May 29, 2025 07:30
@simonwicky simonwicky force-pushed the simon/noise_nodes_2025 branch from 13fcde5 to 2010d38 Compare June 4, 2025 08:32
@simonwicky simonwicky force-pushed the simon/noise_nodes_2025 branch from 2d06766 to 50d0556 Compare June 5, 2025 09:12
@simonwicky simonwicky merged commit 8ba58ba into develop Jun 5, 2025
20 of 21 checks passed
@simonwicky simonwicky deleted the simon/noise_nodes_2025 branch June 5, 2025 09:34
georgio pushed a commit that referenced this pull request Jun 12, 2025
@simonwicky @georgio
[Feature] Noise XKpsk3 integration (2025 version) (#5692)
f2f9bf4 
* grand Noise squaheroo

* fix merge conflicts and adapt code for the key rotation changes (#5824)

* remove file that should have been ignored
georgio pushed a commit that referenced this pull request Jun 17, 2025
@simonwicky @georgio
[Feature] Noise XKpsk3 integration (2025 version) (#5692)
44fa619 
* grand Noise squaheroo

* fix merge conflicts and adapt code for the key rotation changes (#5824)

* remove file that should have been ignored
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jstuczyn jstuczyn jstuczyn approved these changes

@jmwample jmwample Awaiting requested review from jmwample

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Dolcelatte - (est. mainnet 08.07.2025)

Development

Successfully merging this pull request may close these issues.

6 participants

@simonwicky @timkuijsten @aniampio @jstuczyn @benedettadavico