plans for implementing BIP 324 #1691
-
I think this is a great idea for a SoB project, if you're willing and able to do the mentoring :). It probably should live in a separate crate, at least initially, because it's a fair bit of additional complexity. We also may need to bring on a RustCrypto dependency to get chacha, at least initially, which I am loath to do. (Eventually we should be able to drop this; chacha20 is implemented in secp256k1-zkp so I assume it will find its way into libsecp eventually, and even if it doesn't, it's a conceptually very simple algorithm that we could maybe try to hand-roll.) Alternately, it sounds like you think that implementing chacha20 is feasible for one SoB student; that sounds even better.
-
If you create a separate crate please post it here so that we can subscribe. I think a good SoB goal would be to get it into the rust-bitcoin org, which roughly means:
-
Hi @stratospher, any updates on this? I'm excited to help with this.
-
BIP324 definitely sounds like something that could merit its own crate as it will depend on some new crypto stuff and perhaps some other new dependencies? If it's really just crypto, it could maybe be in rust-bitcoin IMO. I'm definitely interested in an impl for this (SoB gogogo) for the bitcoin-p2p crate I've been working on.
-
Seeking Feedback: Introducing FSChaCha20 Implementation for Rust-BIP324 in Rust Bitcoin

I am thrilled to share my recent progress on implementing FSChaCha20 under BIP324 for Rust Bitcoin. I have successfully implemented ChaCha20 Block and utilized it to develop FSChaCha20, which efficiently avoids wasting pseudorandom bytes, as discussed in the BIP324 specification. FSChaCha20 is just ChaCha20 which gets rekeyed every 224 packets and it is ultimately used to encrypt the length of the P2P message, which is stored as 3 bytes.

Code Repository

To review my code and provide your valuable feedback, you can find the implementation in my GitHub repository: Adidev-KGP/rust-bip324#1.

Next Steps

I have made a simple/basic implementation for FSChaCha20 with tests which work based on the BIP324 specifications.

1. Constant-Time Operations in ChaCha20 Implementation

During the development process, I encountered a concern regarding the use of

2. Leveraging const-generics for Flexibility and Reusability

Furthermore, I am considering the adoption of

3. Memory Security

To address memory security concerns, I aim to incorporate the

I genuinely appreciate your time and expertise in reviewing my work! Your feedback will play a vital role in refining and advancing the FSChaCha20 implementation for Rust-BIP324. Thank you for your dedication to the Rust Bitcoin Community, and I eagerly anticipate the opportunity to collaborate with you.
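As an added illustration of the construction the post above describes (ChaCha20 with a continuous keystream, rekeyed every 224 chunks, applied to the 3-byte length field), here is FSChaCha20 written out following its definition in the BIP324 specification. It is not code from the linked repository or from rust-bitcoin; the names `FsChaCha20`, `crypt`, `keystream` and `chacha20_block` are assumptions.

```rust
// Added example; names are illustrative. Follows the FSChaCha20 definition in BIP324.
const REKEY_INTERVAL: u64 = 224;
const QR: [[usize; 4]; 8] = [[0, 4, 8, 12], [1, 5, 9, 13], [2, 6, 10, 14], [3, 7, 11, 15],
                             [0, 5, 10, 15], [1, 6, 11, 12], [2, 7, 8, 13], [3, 4, 9, 14]];

fn quarter(s: &mut [u32; 16], a: usize, b: usize, c: usize, d: usize) {
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
}

/// One 64-byte ChaCha20 block (RFC 8439 layout: 32-bit counter, 96-bit nonce).
fn chacha20_block(key: &[u8; 32], nonce: &[u8; 12], counter: u32) -> [u8; 64] {
    let le = |b: &[u8]| u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
    let mut init = [0x61707865u32, 0x3320646e, 0x79622d32, 0x6b206574, 0, 0, 0, 0, 0, 0, 0, 0, counter, 0, 0, 0];
    for i in 0..8 { init[4 + i] = le(&key[4 * i..]); }
    for i in 0..3 { init[13 + i] = le(&nonce[4 * i..]); }
    let mut s = init;
    // 10 double rounds: 4 column quarter rounds, then 4 diagonal ones.
    for _ in 0..10 { for q in QR.iter() { quarter(&mut s, q[0], q[1], q[2], q[3]); } }
    let mut out = [0u8; 64];
    for i in 0..16 { out[4 * i..4 * i + 4].copy_from_slice(&s[i].wrapping_add(init[i]).to_le_bytes()); }
    out
}

pub struct FsChaCha20 { key: [u8; 32], block: u32, chunk: u64, buf: Vec<u8> }
impl FsChaCha20 {
    pub fn new(key: [u8; 32]) -> Self { Self { key, block: 0, chunk: 0, buf: Vec::new() } }
    fn keystream(&mut self, n: usize) -> Vec<u8> {
        while self.buf.len() < n { // unused block bytes stay buffered for the next chunk
            let mut nonce = [0u8; 12]; // 4 zero bytes || LE64(number of rekeys so far)
            nonce[4..].copy_from_slice(&(self.chunk / REKEY_INTERVAL).to_le_bytes());
            self.buf.extend_from_slice(&chacha20_block(&self.key, &nonce, self.block));
            self.block += 1;
        }
        self.buf.drain(..n).collect()
    }
    /// Encrypts or decrypts one chunk (in BIP324, the 3-byte length field).
    pub fn crypt(&mut self, chunk: &[u8]) -> Vec<u8> {
        let ks = self.keystream(chunk.len());
        let out: Vec<u8> = chunk.iter().zip(&ks).map(|(c, k)| c ^ k).collect();
        if (self.chunk + 1) % REKEY_INTERVAL == 0 {
            // Forward secrecy: the next 32 keystream bytes replace the key; the rest is dropped.
            let next = self.keystream(32);
            self.key.copy_from_slice(&next);
            self.block = 0; self.buf.clear();
        }
        self.chunk += 1;
        out
    }
}
```

FSChaCha20 on its own provides no authentication, and this example does not zeroize replaced keys or the keystream buffer, which matters if the forward-secrecy property is meant to hold against memory disclosure.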
-
Lol, I like it. Funny that we'll likely wind up with C-wrapped Rust-wrapped C for rust-secp.
-
My SoB project on FSChaCha20 is done and can be found here. I would appreciate any reviews on the code to make it acceptable for rust-bitcoin. Thank you.
-
Sounds like scope creep to add in
-
Hi folks, as part of a Chaincode program I completed a BIP324 library (not trying to steal anyone's thunder this was completely random). I read through the discussion thus far and it sounds like there was great care taken in the design of the My library exposes four unique functions that execute the handshake and a struct to encrypt and decrypt messages thereafter. All messages are expected to be a In the meantime, I will fixup and Cheers!
-
Ok LGTM. I did not review the cryptography or even check that it works as a BIP324 implementation with a node. But I did spend some time poking at the code which overall looks well-structured. I ran a bunch of off-by-default clippy lints which all passed, checked for unsafe, checked for documentation and unit tests, etc. I did find a bunch of unnecessary error variants which I filed an issue about, but that's hardly a blocking issue. I checked that the crate compiled with 1.56.1 (it does not, but I filed an issue). There's also plenty of room to improve CI. I hope that over the next couple weeks we'll have genericized our CI infrastructure enough that it'd be easy for people to copy it and get very thorough coverage. If this were my codebase I would:
But these are all just stylistic things.
-
Thanks for your work @Adidev-KGP -- I apologize for not reviewing your code. After a cursory review, it looks like it is not as complete or polished as the implementation by @nyonson and @rustaceanrob, so I am going to take the latter into the org and not your crate. I don't mean this personally at all; it just happens that when I finally got around to digging into this issue, there were two implementations, and one was much more complete than the other.
-
curious to know whether there’s interest in implementing BIP 324 in rust bitcoin. starting points would be implementing FSChaCha20Poly1305 (a cryptographic primitive to encrypt/decrypt the network messages) and creating bindings for elligator swift.
what do you think of FSChaCha20Poly1305 implementation as a summer of bitcoin project? i’m willing to mentor and have been helping with testing/reviewing BIP 324 in bitcoin core the past year.