From rusty at rustcorp.com.au Sun Dec 20 19:31:38 2015
From: rusty at rustcorp.com.au (Rusty Russell)
Date: Mon, 21 Dec 2015 06:01:38 +1030
Subject: [Lightning-dev] An Alternative Onion-Routing Proposal
In-Reply-To:
References: <87wpsgh28z.fsf@rustcorp.com.au> <87d1u7xoxl.fsf@rustcorp.com.au>
Message-ID: <87wps8nch1.fsf@rustcorp.com.au>

Olaoluwa Osuntokun writes:
> Sure. If we end up going with cha cha, I'd like us to adopt the practice of
> encrypting the packet lengths with a separate key (and a new instance of
> chacha20) similar to openssh's chacha20-poly1305 specification[2]. With
> this construction, packet-length+packet-payload remain confidential.

Nice! While timing and packet boundary measurement will probably be
quite effective at determining sizes anyway, let's not make it easy.

Note that we have to handle some limited re-transmission, due to nodes
going down. The protocol assumes nodes store things persistently, but
of course there can be packet loss / connection issues. Since our
protocol is basically command/response, a node should respond to
retransmission by retransmitting the response. (There are a few corner
cases where we need to re-xmit more than one, but you get the idea).

Cheers,
Rusty.
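
The length-encryption construction mentioned in the quoted text, sketched as an added example (not code from this thread or from any Lightning implementation). It follows the layout of OpenSSH's chacha20-poly1305 construction: one key encrypts the 4-byte length, a second key encrypts the payload and derives the per-packet Poly1305 key. The names `seal`, `open_packet`, `k_len`, `k_main` and the `MAX_LEN` cap are assumptions, and the pure-Python ChaCha20/Poly1305 is for illustration only.

```python
import hmac
import struct
# Added illustration; seal/open_packet/k_len/k_main are hypothetical names.
M32 = 0xffffffff
MAX_LEN = 65535  # assumed cap: the length is acted on before the MAC is checked
ROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
          (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 64-bit block counter, 8-byte nonce."""
    init = list(struct.unpack("<12I", b"expand 32-byte k" + key))
    init += [counter & M32, counter >> 32, *struct.unpack("<2I", nonce)]
    s = init[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for a, b, c, d in ROUNDS:            # each tuple is one quarter round
            for x, y, z, rot in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
                s[x] = (s[x] + s[y]) & M32
                v = s[z] ^ s[x]
                s[z] = ((v << rot) | (v >> (32 - rot))) & M32
    return struct.pack("<16I", *((x + y) & M32 for x, y in zip(s, init)))

def chacha20_xor(key, counter, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)

def poly1305(key, msg):
    r = int.from_bytes(key[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    acc = 0
    for i in range(0, len(msg), 16):         # each block gets a trailing 0x01 byte
        acc = (acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r % ((1 << 130) - 5)
    return ((acc + int.from_bytes(key[16:32], "little")) % (1 << 128)).to_bytes(16, "little")

def seal(k_len, k_main, seq, payload):
    nonce = struct.pack(">Q", seq)           # per-packet sequence number as nonce
    enc_len = chacha20_xor(k_len, 0, nonce, struct.pack(">I", len(payload)))
    body = enc_len + chacha20_xor(k_main, 1, nonce, payload)   # block 0 is reserved
    return body + poly1305(chacha20_block(k_main, 0, nonce)[:32], body)

def open_packet(k_len, k_main, seq, packet):
    nonce = struct.pack(">Q", seq)
    (n,) = struct.unpack(">I", chacha20_xor(k_len, 0, nonce, packet[:4]))
    if n > MAX_LEN or len(packet) != 4 + n + 16:
        raise ValueError("bad length")
    body, tag = packet[:4 + n], packet[4 + n:]
    if not hmac.compare_digest(tag, poly1305(chacha20_block(k_main, 0, nonce)[:32], body)):
        raise ValueError("bad MAC")          # reject before decrypting the payload
    return chacha20_xor(k_main, 1, nonce, body[4:])
```

The receiver decrypts only the first four bytes with `k_len` to learn how much to read, then verifies the tag over the encrypted length and payload before touching the payload keystream.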