crypto: more Span<std::byte> modernization & follow-ups

[rajarshimaitra]

Session Details

• Date: 24-08-2023
• Time: IST 20:00 (UTC 14:30)
• PR: https://github.com/bitcoin/bitcoin/pull/28100
• Context: [Crypto][C++]
• Difficulty: Difficult
• Language: [c++]
• Notes and Questions:

Learning

• Crypto
• C++ mordenisation

  Note: Drop your PR and review related questions below

[stratospher]

Summary

• Modern C++ refers to the standards and enhancements introduced in recent versions of C++ (such as C++11, C++14, C++17, and C++20) which brought significant improvements to the programming language's safety and efficiency.
• Modern C++ capable compilers would be needed for building bitcoin core's source code. example:
  • C++11 in bitcoin core 0.13.0
  • C++14 features in bitcoin core 0.20
  • C++17 features in bitcoin core 0.22
  • open issue #23363 for supporting C++20
• Read more about modern c++ features - https://www.opensourceforu.com/2018/11/whats-new-in-c11-and-c14/, https://www.reddit.com/r/cpp_questions/comments/tgs6ir/what_is_modern_c/
• ChaCha20 is a popular encryption algorithm. It works by scrambling 64 byte blocks using add, xor and rotate operations in a special way. Computerphile has a cool video explaining how ChaCha20 works - https://youtu.be/UeIpq-C-GSA

Questions

1. Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? What was your review approach?
2. What is ChaCha20 encryption algorithm? Why are there 2 interfaces - ChaCha20 and ChaCha20Aligned? (hint: Check comments on src/crypto/chacha20.h)
3. Can you pick out some examples of modern c++ code used in this PR? what's the advantage of using these in ChaCha20?(hint: auto, span, std::byte, noexcept, std::array, nodiscard, template, optional, constexpr. You can search up C++ features in https://en.cppreference.com/ and get the C++ version in which it was introduced/updates.)
4. Which version of C++ does bitcoin core support? What's the disadvantage of updating to newer C++ versions?
5. What does ChaCha20() noexcept = delete; do?

[stratospher]

Summary

1. Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? What was your review approach?

Concept/tested ACK by the participants who went through the code.

2. What is ChaCha20 encryption algorithm? Why are there 2 interfaces - ChaCha20 and ChaCha20Aligned? (hint: Check comments on src/crypto/chacha20.h)

1. Chacha20 is a secure, fast, and amazingly simple encryption algorithm. ChaCha20 is a hash function which mixes the key, number used once(nonce) and block counter producing a random keystream. This is used to xor and encrypt our data. plaintext xor keystream = ciphertext and ciphertext xor keystream = plaintext

2. It applies 20 round functions to scrambles the 64 byte blocks. 1 round function consists of 4 quarter rounds and the operations in a quarter round consist of AND, XOR and ROTATE operations.

   QUARTERROUND(a, b, c, d)
   a += b;  d ^= a;  d <<<= 16;
   c += d;  b ^= c;  b <<<= 12;
   a += b;  d ^= a;  d <<<=  8;
   c += d;  b ^= c;  b <<<=  7; 

3. 4 words - a, b, c and d are picked either from a column or from a diagonal.

   1. Quarter round operations are performed on a, b, c, d picked from each of the 4 columns one by one (4 quarter rounds = 1 round).
   2. Then Quarter round operations are performed on a, b, c, d picked from each of the 4 diagonals one by one (4 quarter rounds = 1 round).
   3. Now we've completed 2 rounds. If we repeat this 10 times, we perform 20 round functions and that's where the 20 in ChaCha20 comes from.

4. Daniel J Bernstein, the creator of ChaCha20 put a lot of thought in this quarter-round, for both performance and scrambling quality.

   1. it works on 4 words at a time to minimise memory access.
   2. It is very cache friendly.
   3. It also scrambles data a bit better than his earlier Salsa20 quarter-round, because each word is updated twice here, and every word has a chance to influence the three others. This makes Chacha20 a little stronger than Salsa20 in practice.

5. The first block gets the block counter initialised to 0. The difference between 2 blocks is often only one bit. But after the scrambling, that single bit will have wrecked so much havoc it won’t matter - the scrambled blocks will look unrelated to the attacker.

6. ChaCha20Aligned only works on 64 byte blocks. ChaCha20 can encrypt any length message. We interact with the algorithm using ChaCha20 interface. ChaCha20 uses ChaCha20Aligned interface internally to perform the computation.

3. Can you pick out some examples of modern c++ code used in this PR? what's the advantage of using these in ChaCha20?(hint: auto, span, std::byte, noexcept, std::array, nodiscard, template, optional, constexpr. You can search up C++ features in https://en.cppreference.com/ and get the C++ version in which it was introduced/updates.)

• After Bjarne Stroustrup created C++, he wanted to standardise it. That's how an ISO standardised C++ arrived - C++98. Later C++11, C++14, C++17, and C++20 got released with new features and all these enhancements are called modern C++.
  1. auto - the c++ compiler would complain about type errors and so the compiler already know what the type is. auto makes the compiler assign the type by itself since the compiler already knows it.
  2. span - a view for a contiguous sequence of objects (has information about the pointer + size). it's a C++20 feature. Bitcoin core had a custom implementation in src/span.h with API structures compatible with C++20.
  3. std::byte - std::byte models a collection of bits and it's what is best for interacting with raw memory. It supports only bitwise and comparison operations - unlike char which can perform arithmetic operations too.
  4. noexcept - noexcept is used in cases where exception is guaranteed to be not thrown . Just because a function is marked noexcept doesn't mean it wont possibly throw an exception, it just means that your program will terminate rather than let the exception escape from the function..
  5. std::array - a fixed size vector. it's a container with all the good stuff vector brings with it - cache friendly, compact + efficient.
  6. nodiscard - used when the return value of a function should not be ignored.
  7. template - templates are expanded at compiler time. we pass the data type as a parameter so that we don’t need to write the same code for different data types.
  8. optional - the return value of a function that may not return anything.
  9. constexpr - both c++14 and 17 made constexpr have better performance for functions at compile time.

     4. Which version of C++ does bitcoin core support? What's the disadvantage of updating to newer C++ versions?

     We're currently in C++17. It takes time for C++ version to be available on all common platform/linux distributions. We don't generally update it till it's stable + commonly available. For example, Backports like this can take time to be commonly available.

     5. What does ChaCha20() noexcept = delete; do?

     This prevents objects of the ChaCha20 class from being initialized without a key. So initializing with a zero key isn't allowed by the interface of the class.

References

• https://loup-vaillant.fr/tutorials/chacha20-design
• http://cr.yp.to/chacha/chacha-20080128.pdf