BIP151: Clarifications on AAD and sequence numbers.

1 files changed, 4 insertions, 2 deletions

diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki
index cc79712..f565a4e 100644
--- a/bip-0151.mediawiki
+++ b/bip-0151.mediawiki
@@ -123,12 +123,14 @@ After a successful <code>encinit</code>/<code>encack</code> interaction from bot
 
 Encrypted messages do not have the 4byte network magic.
 
+The ciphertext payload length must be included in the AEAD MAC as AAD.
+
 The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB.
 Processing the message before the authentication succeeds must not be done.
 
 The 4byte sha256 checksum is no longer required because the AEAD.
 
-Both peers need to track the message number (int64) of sent messages to the remote peer for building a symmetric cipher IV. Padding might be required (96bit IVs).
+Both peers need to track the message sequence number (uint32) of sent messages to the remote peer for building a 64 bit symmetric cipher IV. Sequence numbers are allowed to overflow to zero after 4294967295 (2^32-1).
 
 The encrypted payload will result decrypted in one or many unencrypted messages:
 
@@ -156,7 +158,7 @@ The Re-Keying must be done after every 1GB of data sent or received (recommended
 
 === Risks ===
 
-The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. 
+The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization.
 
 Identity authentication will be covered in another BIP and will presume communication encryption after this BIP.