
[bip151] slightly increase robustness of the re-keying

The current re-keying procedure does allow an attacker knowing the current symmetric cipher key while **not** knowing the session-id (derived from the ECDH secret) to "survive" the re-keying. This will slightly increase the prediction resistance. Also includes an ugly typo in the `hkdf` key. Reported by @ccjj. cc: @ccjj

jonasschnelli · Updated Aug 7, 2016 · 0 reviews · 0 attestations
Collection: BIPs (Merged)

