From: Jonas Schnelli
To: Elichai Turkel, Bitcoin Protocol Discussion
Date: Mon, 17 Jun 2019 18:20:32 +0200
Subject: Re: [bitcoin-dev] New BIP - v2 peer-to-peer message transport protocol
Message-Id: <76890B69-2004-41C4-B4E7-0C5D070142C3@jonasschnelli.ch>

Hi Elichai

> About the nonce being 64bit.
> (rfc7539 changed it to 96bit, which djb later calls xchacha)
>
> You suggest that we use the "message sequence number" as the nonce for Chacha20. Is this number randomly generated or is this a counter?
> And could it be reset without rekeying?

The AEAD proposed in BIP324 (v2 message transport protocol), ChaCha20Poly1305@Bitcoin [1], uses a „message sequence number“. There is no such thing as a random nonce described in the BIP (hence the term „sequence number“). The message sequence number starts with 0 and the max traffic before a rekey must occur is 1GB. A nonce/key reuse is conceptually impossible (of course implementations could screw up at this point).

Using XChaCha20 with the possibility of a random nonce could be done, but I don’t see a reason to use it in our case since the usage of a sequence number as nonce seems perfectly safe.

[1] https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#chacha20-poly1305bitcoin-cipher-suite
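The nonce discipline described in the mail above (counter starting at 0, rekey before the traffic limit), as an added sketch that is not code from the BIP or from the author, together with a check for repeated (key, nonce) pairs. Assumptions: the `rekey` derivation, the little-endian nonce encoding, reading "1GB" as 10^9 bytes, and resetting the counter to 0 on rekey; the class and function names are hypothetical.

```python
import hashlib
import struct

REKEY_LIMIT = 10**9  # "1GB" per key, from the mail; decimal bytes is an assumption


class SequenceNonce:
    """Per-key message sequence number used as the 64-bit ChaCha20 nonce."""

    def __init__(self, key: bytes):
        self.key, self.seq, self.sent = key, 0, 0

    def rekey(self) -> None:
        # Hypothetical derivation: the mail does not say how the next key is made.
        self.key = hashlib.sha256(b"rekey" + self.key).digest()
        # Assumption: the counter goes back to 0 only here, with a fresh key.
        self.seq, self.sent = 0, 0

    def next(self, msg_len: int):
        """Return the (key, nonce) pair to use for one message of msg_len bytes."""
        if msg_len > REKEY_LIMIT:
            raise ValueError("message larger than the per-key traffic budget")
        # Rekey before the byte budget or the 64-bit counter would be exceeded.
        if self.sent + msg_len > REKEY_LIMIT or self.seq >= 2**64:
            self.rekey()
        nonce = struct.pack("<Q", self.seq)  # assumption: little-endian encoding
        self.seq += 1
        self.sent += msg_len
        return self.key, nonce


def find_reuse(pairs):
    """Return each (key, nonce) pair seen more than once, in first-seen order."""
    seen, dup = set(), []
    for pair in pairs:
        if pair in seen and pair not in dup:
            dup.append(pair)
        seen.add(pair)
    return dup


def run(sizes, key=b"\x00" * 32):
    """Feed constructed message sizes through the sequencer; collect the pairs."""
    seq = SequenceNonce(key)
    return [seq.next(n) for n in sizes]
```

The same nonce value recurs across keys, which is fine; `find_reuse` only reports a repeat under one key, which is what happens if the counter is reset without rekeying.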