1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

56 Commits

Author SHA1 Message Date
Rusty Russell
7f53a3e46e BOLT 8: make it clear that there are *two* chaining keys.
lnmessage got this wrong!  It would pass our test vectors, but actually fail
in real usage, since it used the same `ck`.

Also, nonce rotation happens after 1000 encryptions, which is when the nonce
reaches 1000 (since it's zero based!), not when it *exceeds* 1000.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-07-18 05:38:27 +09:30
Yong
50b7391a6e
Replace RFC7539 with RFC8439 (#763) 2020-08-03 22:56:00 +02:00
Corné Plooy
cc40afa88b BOLT 8: add missing MAC check in Act Three 2020-07-20 15:49:50 -05:00
Tim Ruffing
fb7102e034
Remove reference to DER encoding for public keys in compressed format (#742)
ECDSA signatures in Bitcoin are DER-encoded but public keys are not.

The compressed format for public keys is for example standardized in
Sections 2.3.3 and 2.3.4 of

  Standards for Efficient Cryptography, SEC 1: Elliptic Curve
  Cryptography, Certicom Research, Version 2, 2009,
  https://www.secg.org/sec1-v2.pdf
2020-02-17 11:00:30 +01:00
Tim Ruffing
35f6376f20 pubkeys live on the curve, not in the finite field 2019-11-04 06:00:50 +01:00
Rene Pickhardt
7cb708da20 BOLT08: define e and s within the context of the noise handshake
When the notation of the noise protocol framework is being introduced the terms `ck` and `k` are being explained but `e` and `s` are only referred to was public keys. I fixed that by stating what they stand for and noting that `s` is usually the the `nodeid` in the context of the Lightning Network protocol.
2019-04-30 20:00:26 -07:00
Richard Bondi
8479a92a4f fix broken links 2019-02-18 10:08:04 +00:00
Hiroki Gondo
96b0ede8c0 BOLT 8: fix typo. 2019-01-07 12:35:20 -08:00
Hiroki Gondo
635a6a7df9 BOLT 8: fix a typo 2018-11-06 14:26:27 +11:00
Hiroki Gondo
1222fd1eca BOLT 8: fix s description
In this document `s` is not a public key but keypair.
Because there are expressions such as `s.priv`
2018-11-06 14:26:27 +11:00
Hiroki Gondo
6fea210458 BOLT 8: change the order of arguments of ECDH function
ref. http://noiseprotocol.org/noise.html#dh-functions
The order of arguments of DH function is the order of private key, public key.
Made the same order.
This order is reflected in the expressions of `ee`, `se`, `es`, `ss`.
2018-11-06 14:26:27 +11:00
Hiroki Gondo
46b616c142 BOLT 8: fix names of returned values of ECDH function
ref. http://noiseprotocol.org/noise.html#overview-of-handshake-state-machine
Change `ss` to `es`, `ee`, `se` according to each case.
2018-11-06 14:26:27 +11:00
Rusty Russell
e0c436bd7a BOLT 8: remove extraneous ).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-29 02:23:15 +00:00
Rusty Russell
9265349d2e BOLT 8: clarify rotation frequency.
1 message = 2 encryptions.

Fixes: #403
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-11 11:18:30 +00:00
Landon Mutch
f608c33fd9 make changes requested by cdecker 2018-04-18 12:43:16 +02:00
Landon Mutch
7dd1983479 BOLT 8: finish copy edit to bring in line with stylesheet; 2018-04-18 12:43:16 +02:00
Landon Mutch
99da0d638a BOLT 08: copy edit to line 188, impliment standard spacings between sections; 2018-04-18 12:43:16 +02:00
practicalswift
939ce285bc BOLT 8: Fix debate over whether [] ranges are inclusive or exclusive
The english is pretty clear for these simple cases anyway.
2018-02-22 00:12:13 +00:00
practicalswift
5fe7fc3d62 Change from "Encrypting Messages"/"Decrypting Messages" to "Encrypting and Sending Messages"/"Receiving and Decrypting Messages"
In order to reflect what is actually documented.
2018-02-20 01:11:44 +00:00
practicalswift
bf87822538 Use consistent method for referencing RFC:s 2018-02-05 19:32:51 +00:00
practicalswift
87ff1bf7f1 Distinguish between static and ephemeral public keys 2018-02-05 19:32:51 +00:00
Cayle Sharrock
1ad7933241 Fix typo
public -> private
2018-02-05 11:32:34 +01:00
practicalswift
07976959d3 Use consistent capitalization for MITM 2018-02-05 09:09:51 +00:00
practicalswift
2c3466a2af Remove trailing whitespace 2018-01-30 04:54:31 +00:00
Rusty Russell
58f6a70889 BOLT 8: use incremented numbers for numbering.
Markdown doesn't care, but we have humans reading the text.

Reported-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-30 03:47:32 +00:00
Rusty Russell
0f50cc220d BOLT 8: Steps in each Act are ordered.
So we should use an enumeration, not an unordered list.  Same applies to
encryption, decryption and key rotation algorithms.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-30 03:47:32 +00:00
practicalswift
a270bb2fec Standardization. Use "based on" instead of "based off of". 2018-01-30 03:34:22 +00:00
Shannon Appelcline
0d74fd7b53 Lower-cased an "a". 2017-12-10 23:43:34 +00:00
Shannon Appelcline
978f3dfb01 Fix from #306
Added fix for duplicate word courtesy of @dimitris-t in #306.
2017-12-10 23:43:34 +00:00
Shannon Appelcline
130bc5da2c Responses to BOLT-8 Reviews
(1) addressed review items from @rustyrussell and @toadlyBroodle ; and (2) added table of contents courtesy of @bcongdon in #310
2017-12-10 23:43:34 +00:00
Shannon Appelcline
2b8b491c74 BOLT-8 Edits
More clarity and copyediting. I also removed quite a few `s that didn't seem to match general usage for "code".
2017-12-10 23:43:34 +00:00
Dave Collins
42edacd9e7 BOLT 8: Fix current set typo. 2017-12-04 05:43:02 +00:00
Jim Posen
9073a5f3de multi: Fix a few typos and grammatical errors. 2017-09-25 12:34:30 +09:30
Rusty Russell
d3cda9bef2 BOLT 8: Add CC-BY icon image (to match other BOLTs)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
2800f12025 BOLT 8: fix trivial typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
7ee9619c0c BOLT 8: typo fixes
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Christian Decker
bf815005ec BOLT08: Renumbering references
We dropped reference 1 and 2 during the split, and the offset
numbering is causing a bit of head-scratching. This renumbers the
reference.

Closes #117
2017-02-28 13:48:54 +10:30
Rusty Russell
fc4846a27b BOLT 8: fix broken test vectors (keys backwards), annotate encryption more.
Reported-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 10:55:15 -08:00
Delo
7f6560e253 typo in byte count 2017-01-11 20:15:21 +10:30
Delo
258ef42c1e typos in message parsing bytes 2017-01-11 20:15:21 +10:30
Olaoluwa Osuntokun
7e067bd0d9
BOLT 8: specify that chacha nonces are 96-bit little-endian
This commit fixes an oversight within the spec that details the
encryption nonces as being encoded in a big-endian form rather an a
little-endian for as is intended.

Since our internal nonces are 64-bit in order to match with the Noise
spec, we encoded the 96-bit nonce as 32-bits of leading zeroes followed
by the 64-bit little-endian value.
2017-01-06 13:57:32 -08:00
Rusty Russell
ad5e629cb4 BOLT 8: Test vectors for transport / key rotation.
Note that we increment nonce twice every message, meaning we rotate at
msg 500.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-05 11:36:16 +10:30
Rusty Russell
6be5857021 BOLT 8: Add test vectors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Rusty Russell
fcc93d480a BOLT 8: Nonces should be little-endian, 64 bit.
This follows the Noise spec.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Rusty Russell
9f979bae5b BOLT 8: clarify the hkdf args. (#57)
They're salt and ikm respectively (using language from RFC5869).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:46:54 -08:00
Rusty Russell
3f1948ec12 BOLT 4, BOLT 8: use libsecp256k1-style ECDH.
You should probably be using this library anyway, so let's use their
ECDH style.

Closes: #49
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:25:25 +10:30
Christopher Jämthagen
c5ca57b853 [trivial] Some spelling and language fixes in BOLTs 6,7,8 (#41)
* Some spelling and language fixes in BOLTs 6,7,8
2016-12-09 10:32:23 +10:30
Rusty Russell
2c91aa869f BOLT 8: make temporary handshake keys explicit.
This makes it clear that we do reuse the second one (and hence must
increment the nonce there).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
1da044eb06 BOLT 8: clarify handshake nonces.
Spell out the send/receive nonces for the normal message transport;
they're 0 except in one place where Act3 re-uses temp_k from Act2.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'typo-fixes.patch':

Typo fixes to squash.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30
Rusty Russell
15bda3eedd BOLT 8: explicit sn and rn nonces.
Spells it out that they are two separate nonces.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-08 10:58:03 +10:30