§Noise-SV2: Noise Protocol Implementation for Stratum V2
noise_sv2 ensures secure communication between Sv2 roles by handling encryption, decryption,
and authentication through Noise protocol handshakes and cipher operations.
Implementation of the Sv2 Noise protocol specification.
§Features
- Noise Protocol: Establishes secure communication via the Noise protocol handshake between the Initiator and Responder roles.
- Diffie-Hellman with secp256k1: Securely establishes a shared secret between two Sv2 roles, using the same elliptic curve used in Bitcoin.
- AEAD: Ensures confidentiality and integrity of the data.
- AES-GCM and ChaCha20-Poly1305: Provides encryption, with hardware-optimized and software-optimized options.
- Schnorr Signatures: Authenticates messages and verifies the identity of the Sv2 roles.

In practice, the primitives exposed by this crate should be used to secure communication channels between Sv2 roles. Securing communication between two Sv2 roles on the same local network (e.g., local mining devices communicating with a local mining proxy) is optional. However, it is mandatory to secure the communication between two Sv2 roles communicating over a remote network (e.g., a local mining proxy communicating with a remote pool server).

The Noise protocol establishes secure communication between two Sv2 roles via a handshake
performed at the beginning of the connection. The initiator (e.g., a local mining proxy) and
the responder (e.g., a mining pool) establish a shared secret using Elliptic Curve
Diffie-Hellman (ECDH) with the secp256k1 elliptic curve (the same elliptic curve used by
Bitcoin). Once both Sv2 roles compute the shared secret from the ECDH exchange, the Noise
protocol derives symmetric encryption keys for secure communication. These keys are used with
AEAD (using either AES-GCM or ChaCha20-Poly1305) to encrypt and authenticate all
communication between the roles. This encryption ensures that sensitive data, such as share
submissions, remains confidential and tamper-resistant. Additionally, Schnorr signatures are
used to authenticate messages and validate the identities of the Sv2 roles, ensuring that
critical messages like job templates and share submissions originate from legitimate sources.
Structs§
- AeadError - Error type.
- Initiator - Manages the initiator’s role in the Noise NX handshake, handling key exchange, encryption, and handshake state. It securely generates and manages cryptographic keys, performs Diffie-Hellman exchanges, and maintains the handshake hash, chaining key, and nonce for message encryption. After the handshake, it facilitates secure communication using either ChaCha20Poly1305 or AES-GCM ciphers. Sensitive data is securely erased when no longer needed.
- NoiseCodec - A codec for managing encrypted communication in the Noise protocol.
- Responder - Represents the state and operations of the responder in the Noise NX protocol handshake. It handles cryptographic key exchanges, manages handshake state, and securely establishes a connection with the initiator. The responder manages key generation, Diffie-Hellman exchanges, message decryption, and state transitions, ensuring secure communication. Sensitive cryptographic material is securely erased when no longer needed.
Enums§
- Error - Noise protocol error handling.
Constants§
- AEAD_MAC_LEN - Size of the MAC for supported AEAD encryption algorithm (ChaChaPoly).
- ELLSWIFT_ENCODING_SIZE - Size in bytes of the encoded elliptic curve point using ElligatorSwift encoding. This encoding produces a 64-byte representation of the X-coordinate of a secp256k1 curve point.
- ENCRYPTED_ELLSWIFT_ENCODING_SIZE - Size in bytes of the encrypted ElligatorSwift encoded data, which includes the original ElligatorSwift encoded data and a MAC for integrity verification.
- ENCRYPTED_SIGNATURE_NOISE_MESSAGE_SIZE - Size in bytes of the encrypted signature noise message, which includes the SIGNATURE_NOISE_MESSAGE and a MAC for integrity verification.
- INITIATOR_EXPECTED_HANDSHAKE_MESSAGE_SIZE - Size in bytes of the handshake message expected by the initiator, encompassing:
- NOISE_FRAME_HEADER_SIZE - Size of the Noise protocol frame header in bytes.
- NOISE_HASHED_PROTOCOL_NAME_CHACHA - If protocolName is less than or equal to 32 bytes in length, use protocolName with zero bytes appended to make 32 bytes. Otherwise, apply HASH to it. For name = “Noise_NX_Secp256k1+EllSwift_ChaChaPoly_SHA256”, we need the hash. More info can be found at this link.
- SIGNATURE_NOISE_MESSAGE_SIZE - Size in bytes of the SIGNATURE_NOISE_MESSAGE, which contains information and a signature for the handshake initiator, formatted according to the Noise Protocol specifications.
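
The pad-or-hash rule described for NOISE_HASHED_PROTOCOL_NAME_CHACHA, as an added Python example that is not code from the noise_sv2 crate. The function names are hypothetical, HASH is taken to be SHA-256 as the protocol name states, and the short name is a constructed input used only to exercise the padding branch.

```python
import hashlib

HASHLEN = 32  # output size of SHA-256, the HASH named in the protocol name

# Protocol name quoted in the NOISE_HASHED_PROTOCOL_NAME_CHACHA description.
SV2_CHACHA_NAME = b"Noise_NX_Secp256k1+EllSwift_ChaChaPoly_SHA256"

# Constructed sample: a name short enough to take the zero-padding branch.
SHORT_NAME = b"Noise_NN_25519_AESGCM_SHA256"


def hashed_protocol_name(protocol_name: bytes) -> bytes:
    """Return the 32-byte initial handshake hash h for a protocol name."""
    if len(protocol_name) <= HASHLEN:
        # Fits: use the name itself, right-padded with zero bytes.
        return protocol_name + b"\x00" * (HASHLEN - len(protocol_name))
    # Too long: compress it with HASH.
    return hashlib.sha256(protocol_name).digest()


def initialize_symmetric(protocol_name: bytes):
    """Start of a Noise handshake: h and the chaining key ck begin equal."""
    h = hashed_protocol_name(protocol_name)
    return h, h


def mix_hash(h: bytes, data: bytes) -> bytes:
    """Fold handshake data into the transcript hash: h = HASH(h || data)."""
    return hashlib.sha256(h + data).digest()


def constant_matches(constant: bytes, protocol_name: bytes) -> bool:
    """Check that a hard-coded 32-byte constant still matches the name.

    Both peers must start from the same h; a constant that has drifted
    from the name makes every later AEAD tag in the handshake fail.
    """
    return constant == hashed_protocol_name(protocol_name)


if __name__ == "__main__":
    h, ck = initialize_symmetric(SV2_CHACHA_NAME)
    print(len(SV2_CHACHA_NAME), "byte name, hashed:", h.hex())
    print(len(SHORT_NAME), "byte name, padded:",
          hashed_protocol_name(SHORT_NAME).hex())
```

`constant_matches` can run in a unit test against whatever 32-byte value an implementation hard-codes, so a renamed cipher suite cannot ship with a stale precomputed hash.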