Author: Jonas Schnelli 2019-03-22 21:04:46
Published on: 2019-03-22T21:04:46+00:00
The Version 2 Peer-to-Peer Message Transport Protocol is a proposal for a new Bitcoin peer-to-peer transport protocol that aims to provide a more efficient and secure communication method. The current unencrypted message transport is partially inefficient and vulnerable to attacks such as BGP hijack, block delay attacks, and message tempering. Opportunistic encryption will introduce a high risk for attackers of being detected, making it an essential feature for the new protocol.The protocol requires an optimized AEAD construct, a NODE_P2P_V2 signal, a 32bytes-per-side "pseudorandom" key exchange, the removal of the multi-message envelope, and the use of a 3-byte integer with 23 available bits to determine packet length. It also introduces short-command-ID and specifies the key derivation and what communication direction uses what key. Each version 1 Bitcoin peer-to-peer message currently uses a double-SHA256 checksum truncated to 4 bytes. However, encrypting and authenticating a peer-to-peer message with ChaCha20 & Poly1305 would require roughly the same amount of computation power.To request encrypted communication, the initiating peer generates an EC secp256k1 ephemeral key and sends the corresponding 32-byte public key to the responding peer and waits for the remote 32-byte public key from the counterparty. ODD secp256k1 public keys MUST be used (public keys starting with 0x02). If the public key from the generated ephemeral key is an EVEN public key (starting with 0x03), negation is needed to ensure an odd public key.The handshake involves exchanging public keys through ECDH key exchange, with public keys beginning with the 4-byte network magic being forbidden. Once the public keys are exchanged, both parties calculate the shared secret using secp256k1 ECDH. Private keys are never transmitted, and an additional quantum-resistant key exchange like NewHope could be added but is out of scope for this proposal. Once the ECDH secret is calculated on each side, the symmetric encryption cipher keys are derived with HKDF. Both parties also calculate the 256-bit session ID using HKDF_EXPAND.The ChaCha20-Poly1305 encryption scheme is used in the Bitcoin protocol for encrypted communication between peers. The encryption system uses two keys, K1 and K2, to encrypt messages sent over the network. The initiating peer uses K1_A and K2_A to encrypt messages on the send channel while the responding peer uses K1_B and K2_B to decrypt messages on the receive channel.This proposal suggests a new encryption protocol for the Bitcoin network called version 2 (v2). The maximum message size is 8,388,608 bytes with future communication exceeding this limit needing to be split into different messages. The v2 message format supports short IDs for message types with high frequency to save valuable bandwidth. Re-keying can be signaled by setting the most significant bit in the length field before encryption. The next symmetric cipher key must be calculated by SHA256(SHA256(session ID || old_symmetric_cipher_key)) and the packet sequence number of the according encryption direction must be set to 0. This proposal is backward compatible, and non-supporting peers can still use unencrypted communications.
Updated on: 2023-05-20T20:09:27.152597+00:00