From: Elichai Turkel
Date: Sun, 16 Jun 2019 22:06:21 -0400
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] New BIP - v2 peer-to-peer message transport protocol

Hi everyone,

About the nonce being 64bit. (rfc7539 changed it to 96bit, which djb later calls xchacha)

You suggest that we use the "message sequence number" as the nonce for Chacha20. Is this number randomly generated or is this a counter?
And could it be reset without rekeying?

If it is randomly generated then 64bit isn't secure enough. And we should either move to the chacha20 from RFC7539 which has 96bit nonce and 32bit counter or increment it manually every time.

If it's simply a counter then 64bit nonce should be fine :)

Thanks,
Elichai.

--
PGP: 5607C93B5F86650C
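An added illustration of the random-versus-counter distinction raised in the message above (not part of the original email or of the BIP): it computes the birthday-bound collision probability for randomly chosen 64-bit and 96-bit nonces, and shows a sequence-number nonce that refuses to wrap without a rekey. The 2^-32 risk threshold, the little-endian encoding, and the names `collision_probability`, `max_messages` and `CounterNonce` are assumptions of this example.

```python
import math
import struct

def collision_probability(nonce_bits: int, messages: int) -> float:
    """Birthday bound: chance that at least two of `messages` uniformly
    random nonces of `nonce_bits` bits coincide under a single key."""
    pairs = messages * (messages - 1) / 2
    return -math.expm1(-pairs / 2.0 ** nonce_bits)

def max_messages(nonce_bits: int, risk_log2: int = -32) -> int:
    """Largest message count per key that keeps the collision probability
    below 2**risk_log2 (the threshold is an assumption of this example)."""
    return math.isqrt(2 ** (nonce_bits + 1 + risk_log2))

class CounterNonce:
    """Message sequence number used as a 64-bit nonce (hypothetical helper).
    Unique by construction, provided it never wraps or restarts under one key."""
    LIMIT = 2 ** 64

    def __init__(self) -> None:
        self.seq = 0

    def next(self) -> bytes:
        if self.seq >= self.LIMIT:
            raise OverflowError("sequence space exhausted: rekey first")
        nonce = struct.pack("<Q", self.seq)  # little-endian is an assumption
        self.seq += 1
        return nonce

    def rekey(self) -> None:
        # Call only after a fresh key is installed; restarting the counter
        # under the old key would repeat (key, nonce) pairs.
        self.seq = 0

if __name__ == "__main__":
    for bits in (64, 96):
        n = max_messages(bits)
        print(f"random {bits}-bit nonce: <= {n} messages per key "
              f"(p = {collision_probability(bits, n):.3e})")
    print(f"random 64-bit nonce after 2**32 messages: "
          f"p = {collision_probability(64, 2**32):.3f}")
    ctr = CounterNonce()
    print("counter nonces:", ctr.next().hex(), ctr.next().hex())
```
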