From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 8A38169 for ; Wed, 23 Mar 2016 16:44:31 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f41.google.com (mail-vk0-f41.google.com [209.85.213.41]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2D7DF12D for ; Wed, 23 Mar 2016 16:44:31 +0000 (UTC) Received: by mail-vk0-f41.google.com with SMTP id k1so26755464vkb.0 for ; Wed, 23 Mar 2016 09:44:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc; bh=3Gx7HrsSJEH8j3F4ASYdSsSUJfkAairZUhU+yHz3Uzw=; b=zrXFyd6bm5JY8SuQWyro6fGHxj3RYJvqBydLWZa09Y/nBUngBwvKdWG9C34wkxc2vl EjtICYmpAdTvy2VZpiq97DD/ZoAj+kUGQ3rZ6prJnQsPfqY5BCdWSAnsJIu3lbRrPbi0 cdXZmgREswRMNEx8tMCFQRTo49fLXxUUbUrZ+HQITIPlzSMqhbcG/4wm6AmCT4qZ6qCD 3dKUabz+wqbqbIm6ZjvefIKtNm+/pi6P1tnBGMGFsTOLlb+ZUmQV/rKHuqetWdKHI/ak zRqTe5dicvTNB0k6AwdFlZ2iIcUqzK3nRCUiyYo6PXzSKCH1c9hX342UDcBbdi3FDIqh R4xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:cc; bh=3Gx7HrsSJEH8j3F4ASYdSsSUJfkAairZUhU+yHz3Uzw=; b=mPy98Rti0qjvTp7jjEB2yXIS1Aau4KX/O8sUOt49royORpKpN3NTF0aRlK+ZRH9kFA It21tgkPIBbW0peqxrDV1rARckvbel6EJXfRtduwoPWKEFKK8Oo/3fgZqtYONHd7AU3d y5rdSAX4boKBw+1CxUZVuhW5bbe1+75/vmXq5egmQ+kaYnE+kihVszSNPAdk8QnHoGI3 zwYgLcbe/BP1304uaYo1fLIYt+4okEWuA+yhpVI/cmVVWf47MofQp5d/etfckbNe+Ib0 o97NwP/enyvZoH5T7z7rNYyU8YQ++nKiNOQ+731A5xptAutydDvPMhJRZrId3sQA0z04 jxsA== X-Gm-Message-State: AD7BkJJefJB1Nh7wa42QpYiip8xyUo4WYenXgpKnfeA9hsAWuicAYIAvycRnrQNrDkGe9LtYO7bvgO6oMppmzg== MIME-Version: 1.0 X-Received: by 10.31.161.195 with SMTP id k186mr1819747vke.129.1458751470383; Wed, 23 Mar 2016 09:44:30 -0700 (PDT) Received: by 10.176.2.14 with HTTP; Wed, 23 Mar 2016 09:44:30 -0700 (PDT) In-Reply-To: <56F2B51C.8000105@jonasschnelli.ch> References: <56F2B51C.8000105@jonasschnelli.ch> Date: Wed, 23 Mar 2016 16:44:30 +0000 Message-ID: From: Tier Nolan Cc: Bitcoin development mailing list Content-Type: multipart/alternative; boundary=001a1143f36c35720c052eba0b1e X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,MISSING_HEADERS, RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 23 Mar 2016 16:45:07 +0000 Subject: Re: [bitcoin-dev] p2p authentication and encryption BIPs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Mar 2016 16:44:31 -0000 --001a1143f36c35720c052eba0b1e Content-Type: text/plain; charset=UTF-8 There is probably not much loss due to per message encryption. Even if a MITM determined that a message was an inv message (or bloom filter message), it wouldn't be able to extract much information. Since the hashes in those messages are fixed size, there is very little leakage. You could make it so that the the encryption messages effectively create a second data stream and break/weaken the link between message size and wrapped message size. This requires state though, so there is a complexity tradeoff. There is no real need to include an IV, since you are including a 32 byte context hash. The first 16 bytes of the context hash could be used as IV. In terms of generating the context hash, it would be easier to make it linear. context_hash_n = SHA256(context_hash_(n-1) | message_(n-1)) As the session gets longer, both nodes would have to do more and more hashing to compute the hash of the entire conversation. --001a1143f36c35720c052eba0b1e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
There is probably not much loss due to per message en= cryption.=C2=A0 Even if a MITM determined that a message was an inv message= (or bloom filter message), it wouldn't be able to extract much informa= tion.=C2=A0 Since the hashes in those messages are fixed size, there is ver= y little leakage.

You could make it so that th= e the encryption messages effectively create a second data stream and break= /weaken the link between message size and wrapped message size.=C2=A0 This = requires state though, so there is a complexity tradeoff.

There is no real need to include an IV, since you are including a 32 byte = context hash.=C2=A0 The first 16 bytes of the context hash could be used as= IV.

In terms of generating the context hash, it would be= easier to make it linear.

context_hash_n =3D SHA256(cont= ext_hash_(n-1) | message_(n-1))

As the session gets longe= r, both nodes would have to do more and more hashing to compute the hash of= the entire conversation.

--001a1143f36c35720c052eba0b1e--