Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify nonce size for onion cipher #849

Merged
merged 1 commit into from
Mar 2, 2021
Merged

Clarify nonce size for onion cipher #849

merged 1 commit into from
Mar 2, 2021

Conversation

matheusd
Copy link
Contributor

Some ChaCha20 implementations API's support both 64- and 96-bit nonces, while
others only support a single one.

Functionally, both nonce sizes are equivalent for LN usage, since the
nonce is always zeroed. However, while evaluating spec compliance of
ChaCha20 libraries, the fact that some do not support the 8 byte nonce
variant prompted a closer investigation about the nonce requirement.

Since RFC8439 is the one linked to in the current BOLT0004 spec and that
RFC only specifies the 96-bit nonce variant, that requirement is made
more explicit by this commit.

@matheusd
Clarify nonce size for onion cipher
ffa0a3c 
Some ChaCha20 implementations API's support both 64- and 96-bit nonces, while
others only support a single one.

Functionally, both nonce sizes are equivalent for LN usage, since the
nonce is always zeroed. However, while evaluating spec compliance of
ChaCha20 libraries, the fact that some do not support the 8 byte nonce
variant prompted a closer investigation about the nonce requirement.

Since RFC8439 is the one linked to in the current BOLT0004 spec and that
RFC only specifies the 96-bit nonce variant, that requirement is made
more explicit by this commit.
t-bast
t-bast reviewed Feb 18, 2021
View reviewed changes
Copy link
Collaborator

@t-bast t-bast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, ACK, we are indeed using 96-bit nonces.

@t-bast t-bast mentioned this pull request Feb 23, 2021
Closed
19 tasks
@cdecker
Copy link
Collaborator

cdecker commented Mar 1, 2021

Oh nice one, we are using libsodium which takes 64bits, hence the implicit assumption in my writeup.

ACK

cfromknecht
cfromknecht approved these changes Mar 1, 2021
View reviewed changes
Copy link
Collaborator

@cfromknecht cfromknecht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@Roasbeef Roasbeef merged commit 946bbeb into lightning:master Mar 2, 2021
@matheusd matheusd deleted the onion-nonce-size branch March 2, 2021 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t-bast t-bast t-bast left review comments

@cfromknecht cfromknecht cfromknecht approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@matheusd @cdecker @cfromknecht @t-bast @Roasbeef