The Noise protocol is one of the best things to happen to encrypted protocol design. WireGuard inherits its elegance from Noise. Noise is a cryptography engineer’s darling spec. It’s important not to get blindsided while fawning over it and to pay attention to where implementers run into trouble. Someone raised a concern I had run into before: Noise has a matrix.

To a cryptography engineer, this matrix is beautiful. These eldritch runes describe a grammar: the number of ways you can meaningfully compose the phrases that can make up a Noise handshake into a proper protocol.

To the layperson implementer, the matrix is terrifying. They hadn’t thought about key-compromise impersonation or the distinction between known-key, hidden-key and exposed-key protocols or even forward secrecy.

source: green

We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.

source: solar