Roasbeef
commented
7 years ago Technically, the nonce is set, just to an initial value of all zeroes.
A nonce of all zeros is permissible as each generated intermediate key is never re-used. Within packet generation/processing chacha20 is used as a CSPRNG to generate a stream of random bytes by running the cipher with a fixed-size byte slice of all zeroes as input. As a result, the nonce is never incremented.
david415
the nonce isn't set!? https://github.com/lightningnetwork/lightning-onion/blob/master/sphinx.go#L337-L338
perhaps you could argue that setting the nonce isn't strictly necessary?