1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

53 Commits

Author SHA1 Message Date
Tim Ruffing
fb7102e034
Remove reference to DER encoding for public keys in compressed format (#742)
ECDSA signatures in Bitcoin are DER-encoded but public keys are not.

The compressed format for public keys is for example standardized in
Sections 2.3.3 and 2.3.4 of

  Standards for Efficient Cryptography, SEC 1: Elliptic Curve
  Cryptography, Certicom Research, Version 2, 2009,
  https://www.secg.org/sec1-v2.pdf
2020-02-17 11:00:30 +01:00
Tim Ruffing
35f6376f20 pubkeys live on the curve, not in the finite field 2019-11-04 06:00:50 +01:00
Rene Pickhardt
7cb708da20 BOLT08: define e and s within the context of the noise handshake
When the notation of the noise protocol framework is being introduced the terms `ck` and `k` are being explained but `e` and `s` are only referred to was public keys. I fixed that by stating what they stand for and noting that `s` is usually the the `nodeid` in the context of the Lightning Network protocol.
2019-04-30 20:00:26 -07:00
Richard Bondi
8479a92a4f fix broken links 2019-02-18 10:08:04 +00:00
Hiroki Gondo
96b0ede8c0 BOLT 8: fix typo. 2019-01-07 12:35:20 -08:00
Hiroki Gondo
635a6a7df9 BOLT 8: fix a typo 2018-11-06 14:26:27 +11:00
Hiroki Gondo
1222fd1eca BOLT 8: fix s description
In this document `s` is not a public key but keypair.
Because there are expressions such as `s.priv`
2018-11-06 14:26:27 +11:00
Hiroki Gondo
6fea210458 BOLT 8: change the order of arguments of ECDH function
ref. http://noiseprotocol.org/noise.html#dh-functions
The order of arguments of DH function is the order of private key, public key.
Made the same order.
This order is reflected in the expressions of `ee`, `se`, `es`, `ss`.
2018-11-06 14:26:27 +11:00
Hiroki Gondo
46b616c142 BOLT 8: fix names of returned values of ECDH function
ref. http://noiseprotocol.org/noise.html#overview-of-handshake-state-machine
Change `ss` to `es`, `ee`, `se` according to each case.
2018-11-06 14:26:27 +11:00
Rusty Russell
e0c436bd7a BOLT 8: remove extraneous ).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-29 02:23:15 +00:00
Rusty Russell
9265349d2e BOLT 8: clarify rotation frequency.
1 message = 2 encryptions.

Fixes: #403
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-11 11:18:30 +00:00
Landon Mutch
f608c33fd9 make changes requested by cdecker 2018-04-18 12:43:16 +02:00
Landon Mutch
7dd1983479 BOLT 8: finish copy edit to bring in line with stylesheet; 2018-04-18 12:43:16 +02:00
Landon Mutch
99da0d638a BOLT 08: copy edit to line 188, impliment standard spacings between sections; 2018-04-18 12:43:16 +02:00
practicalswift
939ce285bc BOLT 8: Fix debate over whether [] ranges are inclusive or exclusive
The english is pretty clear for these simple cases anyway.
2018-02-22 00:12:13 +00:00
practicalswift
5fe7fc3d62 Change from "Encrypting Messages"/"Decrypting Messages" to "Encrypting and Sending Messages"/"Receiving and Decrypting Messages"
In order to reflect what is actually documented.
2018-02-20 01:11:44 +00:00
practicalswift
bf87822538 Use consistent method for referencing RFC:s 2018-02-05 19:32:51 +00:00
practicalswift
87ff1bf7f1 Distinguish between static and ephemeral public keys 2018-02-05 19:32:51 +00:00
Cayle Sharrock
1ad7933241 Fix typo
public -> private
2018-02-05 11:32:34 +01:00
practicalswift
07976959d3 Use consistent capitalization for MITM 2018-02-05 09:09:51 +00:00
practicalswift
2c3466a2af Remove trailing whitespace 2018-01-30 04:54:31 +00:00
Rusty Russell
58f6a70889 BOLT 8: use incremented numbers for numbering.
Markdown doesn't care, but we have humans reading the text.

Reported-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-30 03:47:32 +00:00
Rusty Russell
0f50cc220d BOLT 8: Steps in each Act are ordered.
So we should use an enumeration, not an unordered list.  Same applies to
encryption, decryption and key rotation algorithms.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-30 03:47:32 +00:00
practicalswift
a270bb2fec Standardization. Use "based on" instead of "based off of". 2018-01-30 03:34:22 +00:00
Shannon Appelcline
0d74fd7b53 Lower-cased an "a". 2017-12-10 23:43:34 +00:00
Shannon Appelcline
978f3dfb01 Fix from #306
Added fix for duplicate word courtesy of @dimitris-t in #306.
2017-12-10 23:43:34 +00:00
Shannon Appelcline
130bc5da2c Responses to BOLT-8 Reviews
(1) addressed review items from @rustyrussell and @toadlyBroodle ; and (2) added table of contents courtesy of @bcongdon in #310
2017-12-10 23:43:34 +00:00
Shannon Appelcline
2b8b491c74 BOLT-8 Edits
More clarity and copyediting. I also removed quite a few `s that didn't seem to match general usage for "code".
2017-12-10 23:43:34 +00:00
Dave Collins
42edacd9e7 BOLT 8: Fix current set typo. 2017-12-04 05:43:02 +00:00
Jim Posen
9073a5f3de multi: Fix a few typos and grammatical errors. 2017-09-25 12:34:30 +09:30
Rusty Russell
d3cda9bef2 BOLT 8: Add CC-BY icon image (to match other BOLTs)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
2800f12025 BOLT 8: fix trivial typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
7ee9619c0c BOLT 8: typo fixes
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Christian Decker
bf815005ec BOLT08: Renumbering references
We dropped reference 1 and 2 during the split, and the offset
numbering is causing a bit of head-scratching. This renumbers the
reference.

Closes #117
2017-02-28 13:48:54 +10:30
Rusty Russell
fc4846a27b BOLT 8: fix broken test vectors (keys backwards), annotate encryption more.
Reported-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 10:55:15 -08:00
Delo
7f6560e253 typo in byte count 2017-01-11 20:15:21 +10:30
Delo
258ef42c1e typos in message parsing bytes 2017-01-11 20:15:21 +10:30
Olaoluwa Osuntokun
7e067bd0d9
BOLT 8: specify that chacha nonces are 96-bit little-endian
This commit fixes an oversight within the spec that details the
encryption nonces as being encoded in a big-endian form rather an a
little-endian for as is intended.

Since our internal nonces are 64-bit in order to match with the Noise
spec, we encoded the 96-bit nonce as 32-bits of leading zeroes followed
by the 64-bit little-endian value.
2017-01-06 13:57:32 -08:00
Rusty Russell
ad5e629cb4 BOLT 8: Test vectors for transport / key rotation.
Note that we increment nonce twice every message, meaning we rotate at
msg 500.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-05 11:36:16 +10:30
Rusty Russell
6be5857021 BOLT 8: Add test vectors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Rusty Russell
fcc93d480a BOLT 8: Nonces should be little-endian, 64 bit.
This follows the Noise spec.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Rusty Russell
9f979bae5b BOLT 8: clarify the hkdf args. (#57)
They're salt and ikm respectively (using language from RFC5869).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:46:54 -08:00
Rusty Russell
3f1948ec12 BOLT 4, BOLT 8: use libsecp256k1-style ECDH.
You should probably be using this library anyway, so let's use their
ECDH style.

Closes: #49
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:25:25 +10:30
Christopher Jämthagen
c5ca57b853 [trivial] Some spelling and language fixes in BOLTs 6,7,8 (#41)
* Some spelling and language fixes in BOLTs 6,7,8
2016-12-09 10:32:23 +10:30
Rusty Russell
2c91aa869f BOLT 8: make temporary handshake keys explicit.
This makes it clear that we do reuse the second one (and hence must
increment the nonce there).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
1da044eb06 BOLT 8: clarify handshake nonces.
Spell out the send/receive nonces for the normal message transport;
they're 0 except in one place where Act3 re-uses temp_k from Act2.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'typo-fixes.patch':

Typo fixes to squash.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
15bda3eedd BOLT 8: explicit sn and rn nonces.
Spells it out that they are two separate nonces.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
d251c7eef3 BOLT 8: fix sk,rk definition for responder.
Cut & paste and insufficiently mangled from initiator wording...

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
df871d659e BOLT 8: fix handshake Act 3 receiver hash calculation.
We always hash in the ciphertext.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
eb49bf3a17 BOLT 8: More minor clarifications.
1. Note that we're using the IETF chachapoly variant, which has 96 bit nonces.
2. Note that we send over the serialization of the pubkey on the wire.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-06 13:39:31 +10:30