Author: Jonas Schnelli 2019-06-17 16:20:32
Published on: 2019-06-17T16:20:32+00:00
In a discussion about the nonce for ChaCha20, Elichai proposed using a "message sequence number" as the nonce. The AEAD proposed in BIP324 (v2 message transport protocol), ChaCha20Poly1305 at Bitcoin, uses a message sequence number that starts at 0, and a rekey must occur after at most 1GB of traffic. The BIP describes no random nonce, hence the term "sequence number". Conceptually, it is impossible to reuse a nonce/key pair, but there could be implementation screw-ups. XChaCha20 can be used with a random nonce, but there seems to be no reason to use it in this case, since using a sequence number as the nonce appears perfectly safe.
Updated on: 2023-06-13T19:30:16.096209+00:00
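
An added example (not from the original post or from BIP324) of the bookkeeping that guards against the implementation mistakes mentioned above: one nonce per message from a counter starting at 0, a forced rekey at the traffic limit, and a refusal to restart the counter under a key that was already used. The 96-bit nonce layout, the reading of 1GB as 2**30 bytes, and all class and function names are assumptions.

```python
import hashlib
import struct

REKEY_LIMIT_BYTES = 1 << 30  # assumption: the 1GB limit read as 2**30 bytes


class RekeyRequired(Exception):
    """Traffic limit for the current key is reached."""


class NonceReuseError(Exception):
    """A key would be installed twice, restarting its nonce sequence."""


class SequenceNonce:
    """Hypothetical helper: issues one nonce per message for one direction."""

    def __init__(self, key: bytes):
        self._used_keys = set()  # SHA-256 tags of every key installed so far
        self._install(key)

    def _install(self, key: bytes) -> None:
        tag = hashlib.sha256(key).digest()
        if tag in self._used_keys:
            # Same key + counter reset to 0 = repeated (key, nonce) pairs.
            raise NonceReuseError("key was already used in this session")
        self._used_keys.add(tag)
        self._seq = 0        # message sequence number, starts at 0
        self._traffic = 0    # bytes protected under the current key

    def rekey(self, new_key: bytes) -> None:
        self._install(new_key)

    def next_nonce(self, msg_len: int) -> bytes:
        """Return the nonce for the next message of msg_len bytes."""
        if msg_len < 0:
            raise ValueError("negative length")
        if self._traffic + msg_len > REKEY_LIMIT_BYTES or self._seq >= 1 << 64:
            raise RekeyRequired("rekey before sending this message")
        # Assumed layout: 4 zero bytes + 64-bit little-endian sequence number.
        nonce = bytes(4) + struct.pack("<Q", self._seq)
        self._seq += 1       # incremented exactly once per issued nonce
        self._traffic += msg_len
        return nonce
```

The nonce returned by `next_nonce` is what would be passed to the AEAD for that message; the cipher call itself is left out so the block runs with the standard library only.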