fuzz: Differential fuzzing for ChaCha20Forward4064-Poly1305@bitcoin cipher suite #23441

stratospher wants to merge 4 commits into bitcoin:master from stratospher:fuzz_aead_v2, changing 7 files +436 −285
  1. stratospher commented at 7:18 AM on November 5, 2021: contributor

    This PR does an alternate implementation of the ChaCha20Forward4064-Poly1305@bitcoin cipher suite according to the new specification proposed in BIP 324. It performs differential fuzzing in order to ensure that the outputs obtained from #20962 and the alternate implementation are consistent.

    The alternate implementation was successfully tested with the ChaCha20Poly1305@Bitcoin AEAD's test vectors in this branch. The first two commits in this PR are from #20962.

  2. DrahtBot added the label Build system on Nov 5, 2021
  3. DrahtBot added the label Utils/log/libs on Nov 5, 2021
  4. DrahtBot commented at 8:13 PM on November 5, 2021: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #24203 (doc: Fix typos pointed out by lint-spelling by brunoerg)
    • #23233 (BIP324: Add encrypted p2p transport {de}serializer by dhruv)
    • #20962 (Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification by jonasschnelli)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  5. DrahtBot cross-referenced this on Nov 5, 2021 from issue [Fuzz] Poly1305 differential fuzzing against Floodyberry's implementation by prakash1512
  6. DrahtBot cross-referenced this on Nov 6, 2021 from issue fuzz: Differential fuzzing to compare Bitcoin Core's and D. J. Bernstein's implementation of ChaCha20 by stratospher
  7. DrahtBot cross-referenced this on Nov 6, 2021 from issue Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification by jonasschnelli
  8. dhruv added this to the "Needs review" column in a project

  9. DrahtBot cross-referenced this on Nov 9, 2021 from issue BIP324: Add encrypted p2p transport {de}serializer by dhruv
  10. fanquake removed the label Build system on Dec 10, 2021
  11. DrahtBot added the label Needs rebase on Dec 17, 2021
  12. Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification
    Co-authored-by: Dhruv Mehta <856960+dhruv@users.noreply.github.com>
    e1d597644a
  13. test: clarify that encrypted length is payload length 93f7c70b4f
  14. [crypto] Add alternate implementation of ChaCha20Forward4064-Poly1305@Bitcoin e6af6dcb15
  15. [fuzz] Add fuzzing harness to compare both implementations of aead v2 90682d98cb
  16. stratospher force-pushed on Dec 17, 2021
  17. DrahtBot removed the label Needs rebase on Dec 17, 2021
  18. DrahtBot cross-referenced this on Jan 30, 2022 from issue doc: Fix typos pointed out by lint-spelling by brunoerg
  19. DrahtBot added the label Needs rebase on Jan 31, 2022
  20. DrahtBot commented at 8:07 AM on January 31, 2022: contributor

    🐙 This pull request conflicts with the target branch and needs rebase.

    Want to unsubscribe from rebase notifications on this pull request? Just convert this pull request to a "draft".

  21. DrahtBot commented at 7:03 AM on July 25, 2022: contributor

    There hasn't been much activity lately and the patch still needs rebase. What is the status here?

    • Is it still relevant? ➡️ Please solve the conflicts to make it ready for review and to ensure the CI passes.
    • Is it no longer relevant? ➡️ Please close.
    • Did the author lose interest or time to work on this? ➡️ Please close it and mark it 'Up for grabs' with the label, so that it can be picked up in the future.
  22. achow101 commented at 6:45 PM on October 12, 2022: member

    Are you still working on this?

  23. stratospher commented at 7:19 PM on October 12, 2022: contributor

    Closing this PR since this has been replaced with a better AEAD with formal security analysis in BIP 324.

    And if anyone's interested in differential fuzzing (feel free to reach out!), I am working on fuzz testing Python and cpp implementations of cryptography used in BIP 324 outside this repository. This would be a stronger test compared to the one in the PR since different programming languages are involved. See #23915.

  24. stratospher closed this on Oct 12, 2022

  25. sipa cross-referenced this on Sep 8, 2023 from issue BIP324 tracking issue by sipa
  26. bitcoin locked this on Oct 12, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:53 UTC