From: Jonas Schnelli <dev@jonasschnelli.ch>
Date: Mon, 17 Jun 2019 18:20:32 +0200
References: <CALN7hCKheiE374S6wOMJSTufmuQFxa-d_0x_aJbEPT=KuDc0nw@mail.gmail.com>
To: Elichai Turkel <elichai.turkel@gmail.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
In-Reply-To: <CALN7hCKheiE374S6wOMJSTufmuQFxa-d_0x_aJbEPT=KuDc0nw@mail.gmail.com>
Message-Id: <76890B69-2004-41C4-B4E7-0C5D070142C3@jonasschnelli.ch>
Subject: Re: [bitcoin-dev] New BIP - v2 peer-to-peer message transport protocol
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>



Hi Elichai

> About the nonce being 64bit. (rfc7539 changed it to 96bit, which djb later calls xchacha)
>
> You suggest that we use the "message sequence number" as the nonce for Chacha20. Is this number randomly generated or is this a counter?
> And could it be reset without rekeying?

The AEAD proposed in BIP324 (v2 message transport protocol), ChaCha20Poly1305@Bitcoin [1], uses a "message sequence number". There is no such thing as a random nonce described in the BIP (hence the term "sequence number"). The message sequence number starts with 0 and the max traffic before a rekey must occur is 1GB. A nonce/key reuse is conceptually impossible (of course implementations could screw up at this point).

Using XChaCha20 with the possibility of a random nonce could be done, but I don't see a reason to use it in our case since the usage of a sequence number as nonce seems perfectly safe.

[1] https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#chacha20-poly1305bitcoin-cipher-suite

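Added example, not part of the original mail or of the BIP's own code: a sketch of the nonce discipline the reply describes, with a counter starting at 0, a hard stop at the 1GB traffic limit, and a counter reset that is only possible together with a key change. The class and function names, the little-endian 8-byte encoding, the decimal reading of "1GB", resetting the counter to 0 on rekey, and passing the new key in from outside are all assumptions of this sketch.

```python
import struct

REKEY_LIMIT_BYTES = 10**9   # "1GB" from the mail; decimal GB is an assumption
MAX_SEQ = 2**64 - 1         # largest value a 64-bit nonce can carry

class RekeyRequired(Exception):
    """Raised instead of ever handing out a nonce past the traffic limit."""

class SequenceNonce:
    """Hypothetical per-direction nonce state for one session key."""

    def __init__(self, key: bytes):
        self._install(key)

    def _install(self, key: bytes):
        self.key = key
        self.seq = 0      # message sequence number starts with 0
        self.sent = 0     # bytes protected under the current key

    def next_nonce(self, msg_len: int) -> bytes:
        """Return the 8-byte nonce for the next message, then advance."""
        if self.sent + msg_len > REKEY_LIMIT_BYTES or self.seq > MAX_SEQ:
            raise RekeyRequired("traffic limit reached for this key")
        nonce = struct.pack("<Q", self.seq)   # little-endian: an assumption
        self.seq += 1
        self.sent += msg_len
        return nonce

    def rekey(self, new_key: bytes):
        """The only path that sets the counter back to 0."""
        if new_key == self.key:
            raise ValueError("resetting the counter under the same key reuses nonces")
        self._install(new_key)

def simulate(message_sizes, keys):
    """Run constructed traffic; return every (key, nonce) pair that was used."""
    keys = iter(keys)
    state = SequenceNonce(next(keys))
    used = []
    for size in message_sizes:
        try:
            nonce = state.next_nonce(size)
        except RekeyRequired:
            state.rekey(next(keys))           # new key supplied by the caller
            nonce = state.next_nonce(size)
        used.append((state.key, nonce))
    return used
```

A receiver or test harness can assert that the list returned by `simulate` contains no duplicate `(key, nonce)` pair, which is the property the reply relies on.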