From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E1B8071 for ; Wed, 29 Jun 2016 18:34:13 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from server3 (server3.include7.ch [144.76.194.38]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 5D4DD248 for ; Wed, 29 Jun 2016 18:34:13 +0000 (UTC) Received: by server3 (Postfix, from userid 115) id 2CDD42E60569; Wed, 29 Jun 2016 20:34:12 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, FSL_HELO_NON_FQDN_1 autolearn=ham version=3.3.1 Received: from Jonass-MacBook-Pro-2.local (cable-static-140-182.teleport.ch [87.102.140.182]) by server3 (Postfix) with ESMTPSA id DCA352D0028C; Wed, 29 Jun 2016 20:34:10 +0200 (CEST) To: Arthur Chen , Bitcoin Protocol Discussion References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> From: Jonas Schnelli Message-ID: <5774149E.1010105@jonasschnelli.ch> Date: Wed, 29 Jun 2016 20:34:06 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="a6squ2q0XH40soRAvOWm1k3bRQ6OpASAS" Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 18:34:14 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --a6squ2q0XH40soRAvOWm1k3bRQ6OpASAS Content-Type: multipart/mixed; boundary="vjH9fKh9MPgk1HRa5udCh3dTVE1cRwCsl" From: Jonas Schnelli To: Arthur Chen , Bitcoin Protocol Discussion Message-ID: <5774149E.1010105@jonasschnelli.ch> Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512 References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> In-Reply-To: --vjH9fKh9MPgk1HRa5udCh3dTVE1cRwCsl Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable > Based on previous crypto analysis result, the actual security of SHA512= > is not significantly higher than SHA256. > maybe we should consider SHA3? As far as I know the security of the symmetric cipher key mainly depends on the PRNG and the ECDH scheme. The HMAC_SHA512 will be used to "drive" keys from the ECDH shared secret.= HMAC_SHA256 would be sufficient but I have specified SHA512 to allow to directly derive 512bits which allows to have two 256bit keys with one HMAC operation (same pattern is used in BIP for the key/chaincode derivation). Keccak would be an alternative but we probably don't want to introduce another new hash type just for the encryption. --vjH9fKh9MPgk1HRa5udCh3dTVE1cRwCsl-- --a6squ2q0XH40soRAvOWm1k3bRQ6OpASAS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXdBSfAAoJECnUvLZBb1PsAGMP/04UlSZ5gXNzTYNAy4B5WDcw W1mnlg5PTn+B+vQVcpVj67kwyPfQnMueSp/SqB//8wpRPFE74AL/F4OdZiWfjUc+ a/omUIA/B82JGq+a7yiZVidlEGnS1Tf6eRNaOI00rEykDH0oShUEBbJh+wv8Z1AJ zfE1Bubcfzr+8eK4GkUAlExqdQXuoQ851E19z/EP1icZXrt7ykcaCmdQQdEIE//+ YRb7AAofcI/Ux6xaubNtMbzoBIt+z0TMvqn4PPBmrb1bHDTozxqd/ufeRAG+W0i/ 6BDRJ9kq6fz4DWK3Zf88jyCq4NALy7Nmalh0Cyzb+fNK8KHm8H/c6S8xjtGMf8kb kAIfYTgqISKjs6D8PN4FWGk8W1NxgILayfaBGTUORKd5B0PagQfuKP8tZe/MOOG7 3LBoSUVTzoduztSjKnnkrnhlpaUcFJMhKjWRYw3lgscs9SolajeJ2l3JYyhBbHOg eb+q5RPdT4+fCCobdWyLqLGVJE/sVICmAne0ULsU/cXz0KPA+xc9qiUtU/O0W/r4 qmXdAoK1ftIlWV7W0BAu6sEQREqnt8qevflLv0QL9d1fXldIef7uuCcIVQTvtTzz bXcvfAaeiSTJievxqBfrlwd7UdDM/mmLZqHFtbVmJfd6JdSUR4ZGKafwha662fkM VeE76DV0tHpcC/iGNZ9N =KIie -----END PGP SIGNATURE----- --a6squ2q0XH40soRAvOWm1k3bRQ6OpASAS--