IPv6 with CGA and Bitcoin

IPv6 incorporates the new concept of privacy extended addresses. These are referred to as CGAs (cryptographically generated addresses), and their goal is to maintain privacy while still providing a level of accountability and validation that the link administrators can configure.

A CGA [RFC3972] is an IPv6 address bound to the public key of the host; the binding can be trusted through either a certificate or local configuration. Manual keying is difficult, however, and is not recommended.

Using CGA we can ensure that the sender of an NDP (Neighbour Discovery Protocol) message is the owner of the claimed address. Before claiming an address, each node generates a public/private key pair, and the CGA option verifies this key. This reduces the success of several existing NDP attacks.

SEND (Secure Neighbour Discovery) protocol provisions also allow us to defend against many NDP attacks, but as yet SEND is not widely deployed.

In the most common configuration of CGA, 62 bits are used to store the cryptographic hash of a public key. Here, the host ID = HASH62(public_key). We can see the inputs to the hash in the diagram below.

The capability to embed a security parameter "sec" in the two rightmost bits of a 128-bit IPv6 address allows the hash length to be increased in order to improve the security of the mechanism.

In this case, the CGA will have the 64 + 20 x sec rightmost bits of the hash value equal to the concatenation of 20 x sec zero bits and the interface identifier of the address. When comparing, the two rightmost bits and the universal and group bits are ignored.
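As an added illustration, not code from the original post, the following Python implements CGA generation and verification as specified in the published RFC 3972 cited above: the modifier search that realises the hash extension controlled by Sec (the RFC requires 16 x Sec leading zero bits of Hash2 and carries Sec in the three leftmost bits of the interface identifier), the Hash1-derived interface identifier, and the verifier's comparison that ignores the Sec and u/g bits. The public-key bytes and the prefix are constructed test values, and the modifier search starts at zero rather than a random value so the result is reproducible.

```python
import hashlib
import ipaddress

# Constructed test inputs (not a real key): a stand-in public-key blob and the prefix 2001:db8:0:1::/64.
PUBKEY = b"\x30\x82constructed-test-public-key-bytes" * 2
PREFIX = bytes.fromhex("20010db800000001")

def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 = SHA-1(modifier || 9 zero octets || public key); its 16*Sec leftmost bits must be zero.
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return (int.from_bytes(h2[:14], "big") >> (112 - 16 * sec)) == 0

def find_modifier(pubkey: bytes, sec: int) -> bytes:
    # Hash extension: step the 128-bit modifier until Hash2 meets the Sec condition (about 2^(16*Sec) tries).
    # RFC 3972 starts from a random modifier; starting at zero keeps this example reproducible.
    m = 0
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m += 1
    return m.to_bytes(16, "big")

def interface_id(prefix: bytes, collision_count: int, modifier: bytes, pubkey: bytes, sec: int) -> bytes:
    # Hash1 = SHA-1(modifier || prefix || collision count || public key); its leftmost 64 bits become the
    # interface identifier, with Sec written into bits 0-2 and the u/g bits (bits 6 and 7) cleared.
    h1 = bytearray(hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8])
    h1[0] = ((h1[0] & 0x1F) | (sec << 5)) & 0xFC
    return bytes(h1)

def generate_cga(prefix: bytes, pubkey: bytes, sec: int, collision_count: int = 0):
    modifier = find_modifier(pubkey, sec)
    iid = interface_id(prefix, collision_count, modifier, pubkey, sec)
    params = {"modifier": modifier, "prefix": prefix, "collision_count": collision_count, "pubkey": pubkey}
    return str(ipaddress.IPv6Address(prefix + iid)), params  # address plus the CGA Parameters the owner publishes

def verify_cga(addr: str, params: dict) -> bool:
    # RFC 3972 verification: collision count <= 2, prefix matches, Hash1 matches the interface identifier
    # (Sec and u/g bits are ignored in the comparison), and Hash2 has 16*Sec leading zero bits.
    raw = ipaddress.IPv6Address(addr).packed
    prefix, iid = raw[:8], raw[8:]
    if params["collision_count"] > 2 or params["prefix"] != prefix:
        return False
    sec = iid[0] >> 5  # Sec is read back from the three leftmost bits of the interface identifier
    expect = interface_id(prefix, params["collision_count"], params["modifier"], params["pubkey"], sec)
    if (expect[0] & 0x1C) != (iid[0] & 0x1C) or expect[1:] != iid[1:]:
        return False
    return hash2_ok(params["modifier"], params["pubkey"], sec)

def demo(sec: int = 1):
    # Generate a CGA for the constructed key, then run the verifier; returns (address, params, sec read back, ok).
    addr, params = generate_cga(PREFIX, PUBKEY, sec)
    return addr, params, ipaddress.IPv6Address(addr).packed[8] >> 5, verify_cga(addr, params)
```

With Sec = 1 the modifier search costs roughly 2^16 SHA-1 evaluations, which is the cost an attacker must also pay per forgery attempt for each candidate key.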

Craig Wright