From: Peter Todd
To: Jonas Schnelli, Bitcoin Protocol Discussion
Date: Wed, 29 Jun 2016 16:13:17 -0400
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512
Message-ID: <20160629201317.GA4855@fedora-21-dvm>
In-Reply-To: <5774149E.1010105@jonasschnelli.ch>
References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> <5774149E.1010105@jonasschnelli.ch>

On Wed, Jun 29, 2016 at 08:34:06PM +0200, Jonas Schnelli via bitcoin-dev wrote:
> > Based on previous crypto analysis result, the actual security of SHA512
> > is not significantly higher than SHA256.
> > maybe we should consider SHA3?
> 
> As far as I know the security of the symmetric cipher key mainly depends
> on the PRNG and the ECDH scheme.
> 
> The HMAC_SHA512 will be used to "derive" keys from the ECDH shared secret.
> HMAC_SHA256 would be sufficient but I have specified SHA512 to allow to
> directly derive 512bits which allows to have two 256bit keys with one
> HMAC operation (same pattern is used in BIP for the key/chaincode
> derivation).

What's the rationale for doing that "directly" rather than with two SHA256
operations? (specifically SHA256(0 . thing), SHA256(1 . thing) for the two
parts we need to derive)

Reducing the # of basic cryptographic primitives you need to implement a
standard needs is a good thing.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
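The two key-derivation shapes under discussion, side by side, as an added example that is not code from the thread, from BIP 151, or from either poster: one HMAC_SHA512 call whose 64-byte tag is split into two 256-bit keys (the pattern Jonas describes), and two SHA256 calls over a counter-prefixed input (the alternative Peter asks about). The sample secret and label are constructed stand-ins, the choice of label as HMAC key and secret as message is an assumption, and neither function reproduces BIP 151's actual KDF inputs. The `check_key_pair` helper is the sanity check a practitioner would run on any split-output derivation.

```python
import hashlib
import hmac

# Constructed sample inputs, not values from BIP 151 or either poster:
# a 32-byte stand-in for an ECDH shared secret and a session label.
# Using the label as HMAC key and the secret as message is an assumption
# made for this illustration, not BIP 151's specified roles.
SAMPLE_SECRET = bytes(range(32))
SAMPLE_LABEL = b"example-session-label"


def derive_keys_hmac_sha512(secret: bytes, label: bytes) -> tuple[bytes, bytes]:
    """One HMAC_SHA512 call; the 64-byte tag is split into two 256-bit keys.
    Key/message roles (label as key, secret as message) are an assumption."""
    tag = hmac.new(label, secret, hashlib.sha512).digest()
    return tag[:32], tag[32:]


def derive_keys_two_sha256(secret: bytes, label: bytes) -> tuple[bytes, bytes]:
    """Two SHA256 calls over a counter-prefixed input, SHA256(0 . thing) and
    SHA256(1 . thing). The counter is a fixed-width single byte so the two
    preimages can never collide, and the label is folded in so the same
    secret under a different label yields different keys."""
    k1 = hashlib.sha256(b"\x00" + label + secret).digest()
    k2 = hashlib.sha256(b"\x01" + label + secret).digest()
    return k1, k2


def check_key_pair(keys: tuple[bytes, bytes]) -> bool:
    """Both halves must be full 256-bit keys and must not be the same value;
    a KDF that hands back identical halves would make a single key leak
    compromise both directions of the session."""
    k1, k2 = keys
    return len(k1) == 32 and len(k2) == 32 and k1 != k2


def derivations_agree(secret: bytes, label: bytes) -> bool:
    """The two constructions are different KDFs and are expected to disagree;
    returns True only if they happen to produce the same key pair."""
    return derive_keys_hmac_sha512(secret, label) == derive_keys_two_sha256(secret, label)


if __name__ == "__main__":
    for name, fn in (("HMAC_SHA512 split", derive_keys_hmac_sha512),
                     ("2x SHA256 with counter", derive_keys_two_sha256)):
        k1, k2 = fn(SAMPLE_SECRET, SAMPLE_LABEL)
        print(f"{name}: k1={k1.hex()} k2={k2.hex()} ok={check_key_pair((k1, k2))}")
```

Both functions yield two independent-looking 32-byte keys from the same inputs, but they are not interchangeable: an implementer who picks one must use it on both ends of the connection. The `derive_keys_hmac_sha512` function is plain HMAC, so it can be checked against published HMAC-SHA-512 test vectors (RFC 4231) by passing the vector's key as `label` and its data as `secret`.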