Noise Explorer beta


s ... a e, es, s, ss

Handshake Pattern Analysis

The responder is initialized with a pre-shared long-term static key, which is assumed to be pre-authenticated out of band by the initiator.

Message A show detailed analysis

Message A, sent by the initiator, benefits from receiver authentication but is vulnerable to Key Compromise Impersonation. If the responder's long-term private key has been compromised, this authentication can be forged. However, if the initiator carries out a separate session with a separate, compromised responder, this other session can be used to forge the authentication of this message with this session's responder. Message contents benefit from message secrecy and some forward secrecy: the compromise of the responder's long-term private keys, even at a later date, will lead to message contents being decrypted by the attacker. 1,2

Generate Cryptographic Models for Formal Verification

Get Model active attacker Get Model passive attacker

Generate Secure Protocol Implementation Code

Get Implementation written in go Get Implementation written in rust