kytv/I2P_Website
1
0
Fork 0
forked from I2P_Developers/i2p.www
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prop. 157 minor updates

Browse Source
This commit is contained in:
zzz
2021-01-09 11:58:56 -05:00
parent c67a3ce0da
commit 293e7a08bf
1 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
i2p2www/spec/proposals/157-new-tbm.rst
View File

@@ -5,7 +5,7 @@ Smaller Tunnel Build Messages
:author: zzz, orignal :author: zzz, orignal
:created: 2020-10-09 :created: 2020-10-09
:thread: http://zzz.i2p/topics/2957 :thread: http://zzz.i2p/topics/2957
:lastupdated: 2020-12-29 :lastupdated: 2021-01-09
:status: Open :status: Open
:target: 0.9.51 :target: 0.9.51
@@ -60,7 +60,8 @@ See [Prop156]_ for additional non-goals.
- No requirement for mixed ElGamal/ECIES tunnels - No requirement for mixed ElGamal/ECIES tunnels
- Layer encryption changes, for that see [Prop153]_ - Layer encryption changes, for that see [Prop153]_
- No speedups of crypto operations. It's assumed that ChaCha20 and AES are similar. - No speedups of crypto operations. It's assumed that ChaCha20 and AES are similar,
even with AESNI, at least for the small data sizes in question.
Design Design
@@ -99,7 +100,7 @@ Build: Type 25
Reply: Type 26 Reply: Type 26
Total length: 689 bytes Typical length (with 4 records): 945 bytes
Record Encryption Record Encryption
@@ -159,6 +160,10 @@ TBD
Tunnel Build Messages Tunnel Build Messages
----------------------- -----------------------
Type 25
Type 26
TBD TBD
@@ -169,12 +174,20 @@ This design maximizes reuse of existing cryptographic primitives, protocols, and
This design minimizes risk. This design minimizes risk.
ChaCha20 is faster than AES for small records, in Java testing. ChaCha20 is slightly faster than AES for small records, in Java testing.
ChaCha20 avoids a requirement for data size multiples of 16.
Implementation Notes Implementation Notes
===================== =====================
- As with the existing variable tunnel build message,
messages smaller than 4 records are not recommended.
The typical default is 3 hops.
Inbound tunnels must be built with an extra record for
the originator, so the last hop does not know it is last.
So that middle hops don't know if a tunnel is inbound or outbound,
outbound tunnels should be built with 4 records also.
@@ -183,7 +196,18 @@ Issues
- HKDF details - HKDF details
- Layer encryption changes? - Layer encryption changes?
- Should we do additional hiding from the paired OBEP or IBGW? Garlic?
Should we do additional hiding from the paired OBEP or IBGW? Garlic?
- For an IB build, the build message could be garlic encrypted to the IBGW,
but then it would be larger.
- We could do this for IB now for existing build messages if desired,
but it's more expensive for ElGamal.
- Is it worth it, or does the size of the message (much larger than
typical database lookup, but maybe not database store) plus the
delivery instructions make it obvious anyway?
- For an OB build, the build reply message would have to be garlic encrypted
by the OBEP to the originator, but that would not be anonymous.
Is there another way? probably not.
Migration Migration